ID CVE-2018-16840
Summary A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
References
Vulnerable Configurations
  • cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2019 - 23:36)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
gentoo GLSA-201903-03
misc https://curl.haxx.se/docs/CVE-2018-16840.html
sectrack 1042013
ubuntu USN-3805-1
Last major update 09-10-2019 - 23:36
Published 31-10-2018 - 18:29
Last modified 09-10-2019 - 23:36
Back to Top