ID CVE-2018-14618
Summary curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
References
Vulnerable Configurations
  • Haxx libcurl 6.0
    cpe:2.3:a:haxx:libcurl:6.0
  • Haxx libcurl 6.1
    cpe:2.3:a:haxx:libcurl:6.1
  • Haxx libcurl 6.1 beta
    cpe:2.3:a:haxx:libcurl:6.1:beta
  • Haxx libcurl 6.2
    cpe:2.3:a:haxx:libcurl:6.2
  • Haxx libcurl 6.3
    cpe:2.3:a:haxx:libcurl:6.3
  • Haxx libcurl 6.3.1
    cpe:2.3:a:haxx:libcurl:6.3.1
  • Haxx libcurl 6.4
    cpe:2.3:a:haxx:libcurl:6.4
  • Haxx libcurl 6.5
    cpe:2.3:a:haxx:libcurl:6.5
  • Haxx libcurl 6.5.1
    cpe:2.3:a:haxx:libcurl:6.5.1
  • Haxx libcurl 6.5.2
    cpe:2.3:a:haxx:libcurl:6.5.2
  • Haxx libcurl 7.1
    cpe:2.3:a:haxx:libcurl:7.1
  • Haxx libcurl 7.1.1
    cpe:2.3:a:haxx:libcurl:7.1.1
  • Haxx libcurl 7.2
    cpe:2.3:a:haxx:libcurl:7.2
  • Haxx libcurl 7.2.1
    cpe:2.3:a:haxx:libcurl:7.2.1
  • Haxx libcurl 7.3
    cpe:2.3:a:haxx:libcurl:7.3
  • Haxx libcurl 7.4
    cpe:2.3:a:haxx:libcurl:7.4
  • Haxx libcurl 7.4.1
    cpe:2.3:a:haxx:libcurl:7.4.1
  • Haxx libcurl 7.4.2
    cpe:2.3:a:haxx:libcurl:7.4.2
  • Haxx libcurl 7.5
    cpe:2.3:a:haxx:libcurl:7.5
  • Haxx libcurl 7.5.1
    cpe:2.3:a:haxx:libcurl:7.5.1
  • Haxx libcurl 7.5.2
    cpe:2.3:a:haxx:libcurl:7.5.2
  • Haxx libcurl 7.6
    cpe:2.3:a:haxx:libcurl:7.6
  • Haxx libcurl 7.6.1
    cpe:2.3:a:haxx:libcurl:7.6.1
  • Haxx libcurl 7.7
    cpe:2.3:a:haxx:libcurl:7.7
  • Haxx libcurl 7.7.1
    cpe:2.3:a:haxx:libcurl:7.7.1
  • Haxx libcurl 7.7.2
    cpe:2.3:a:haxx:libcurl:7.7.2
  • Haxx libcurl 7.7.3
    cpe:2.3:a:haxx:libcurl:7.7.3
  • Haxx libcurl 7.8
    cpe:2.3:a:haxx:libcurl:7.8
  • Haxx libcurl 7.8.1
    cpe:2.3:a:haxx:libcurl:7.8.1
  • Haxx libcurl 7.9
    cpe:2.3:a:haxx:libcurl:7.9
  • Haxx libcurl 7.9.1
    cpe:2.3:a:haxx:libcurl:7.9.1
  • Haxx libcurl 7.9.2
    cpe:2.3:a:haxx:libcurl:7.9.2
  • Haxx libcurl 7.9.3
    cpe:2.3:a:haxx:libcurl:7.9.3
  • Haxx libcurl 7.9.4
    cpe:2.3:a:haxx:libcurl:7.9.4
  • Haxx libcurl 7.9.5
    cpe:2.3:a:haxx:libcurl:7.9.5
  • Haxx libcurl 7.9.6
    cpe:2.3:a:haxx:libcurl:7.9.6
  • Haxx libcurl 7.9.7
    cpe:2.3:a:haxx:libcurl:7.9.7
  • Haxx libcurl 7.9.8
    cpe:2.3:a:haxx:libcurl:7.9.8
  • Haxx libcurl 7.10
    cpe:2.3:a:haxx:libcurl:7.10
  • Haxx libcurl 7.10.1
    cpe:2.3:a:haxx:libcurl:7.10.1
  • Haxx libcurl 7.10.2
    cpe:2.3:a:haxx:libcurl:7.10.2
  • Haxx libcurl 7.10.3
    cpe:2.3:a:haxx:libcurl:7.10.3
  • Haxx libcurl 7.10.4
    cpe:2.3:a:haxx:libcurl:7.10.4
  • Haxx libcurl 7.10.5
    cpe:2.3:a:haxx:libcurl:7.10.5
  • Haxx libcurl 7.10.6
    cpe:2.3:a:haxx:libcurl:7.10.6
  • Haxx libcurl 7.10.7
    cpe:2.3:a:haxx:libcurl:7.10.7
  • Haxx libcurl 7.10.8
    cpe:2.3:a:haxx:libcurl:7.10.8
  • Haxx libcurl 7.11.0
    cpe:2.3:a:haxx:libcurl:7.11.0
  • Haxx libcurl 7.11.1
    cpe:2.3:a:haxx:libcurl:7.11.1
  • Haxx libcurl 7.11.2
    cpe:2.3:a:haxx:libcurl:7.11.2
  • Haxx libcurl 7.12.0
    cpe:2.3:a:haxx:libcurl:7.12.0
  • Haxx libcurl 7.12.1
    cpe:2.3:a:haxx:libcurl:7.12.1
  • Haxx libcurl 7.12.2
    cpe:2.3:a:haxx:libcurl:7.12.2
  • Haxx libcurl 7.12.3
    cpe:2.3:a:haxx:libcurl:7.12.3
  • Haxx libcurl 7.13.0
    cpe:2.3:a:haxx:libcurl:7.13.0
  • Haxx libcurl 7.13.1
    cpe:2.3:a:haxx:libcurl:7.13.1
  • Haxx libcurl 7.13.2
    cpe:2.3:a:haxx:libcurl:7.13.2
  • Haxx libcurl 7.14.0
    cpe:2.3:a:haxx:libcurl:7.14.0
  • Haxx libcurl 7.14.1
    cpe:2.3:a:haxx:libcurl:7.14.1
  • Haxx libcurl 7.15.0
    cpe:2.3:a:haxx:libcurl:7.15.0
  • Haxx libcurl 7.15.1
    cpe:2.3:a:haxx:libcurl:7.15.1
  • Haxx libcurl 7.15.2
    cpe:2.3:a:haxx:libcurl:7.15.2
  • Haxx libcurl 7.15.3
    cpe:2.3:a:haxx:libcurl:7.15.3
  • Haxx libcurl 7.15.4
    cpe:2.3:a:haxx:libcurl:7.15.4
  • Haxx libcurl 7.15.5
    cpe:2.3:a:haxx:libcurl:7.15.5
  • Haxx libcurl 7.16.0
    cpe:2.3:a:haxx:libcurl:7.16.0
  • Haxx libcurl 7.16.1
    cpe:2.3:a:haxx:libcurl:7.16.1
  • Haxx libcurl 7.16.2
    cpe:2.3:a:haxx:libcurl:7.16.2
  • Haxx libcurl 7.16.3
    cpe:2.3:a:haxx:libcurl:7.16.3
  • Haxx libcurl 7.16.4
    cpe:2.3:a:haxx:libcurl:7.16.4
  • Haxx libcurl 7.17.0
    cpe:2.3:a:haxx:libcurl:7.17.0
  • Haxx libcurl 7.17.1
    cpe:2.3:a:haxx:libcurl:7.17.1
  • Haxx libcurl 7.18.0
    cpe:2.3:a:haxx:libcurl:7.18.0
  • Haxx libcurl 7.18.1
    cpe:2.3:a:haxx:libcurl:7.18.1
  • Haxx libcurl 7.18.2
    cpe:2.3:a:haxx:libcurl:7.18.2
  • Haxx libcurl 7.19.0
    cpe:2.3:a:haxx:libcurl:7.19.0
  • Haxx libcurl 7.19.1
    cpe:2.3:a:haxx:libcurl:7.19.1
  • Haxx libcurl 7.19.2
    cpe:2.3:a:haxx:libcurl:7.19.2
  • Haxx libcurl 7.19.3
    cpe:2.3:a:haxx:libcurl:7.19.3
  • Haxx libcurl 7.19.4
    cpe:2.3:a:haxx:libcurl:7.19.4
  • Haxx libcurl 7.19.5
    cpe:2.3:a:haxx:libcurl:7.19.5
  • Haxx libcurl 7.19.6
    cpe:2.3:a:haxx:libcurl:7.19.6
  • Haxx libcurl 7.19.7
    cpe:2.3:a:haxx:libcurl:7.19.7
  • Haxx libcurl 7.20.0
    cpe:2.3:a:haxx:libcurl:7.20.0
  • Haxx libcurl 7.20.1
    cpe:2.3:a:haxx:libcurl:7.20.1
  • Haxx libcurl 7.21.0
    cpe:2.3:a:haxx:libcurl:7.21.0
  • Haxx libcurl 7.21.1
    cpe:2.3:a:haxx:libcurl:7.21.1
  • Haxx libcurl 7.21.2
    cpe:2.3:a:haxx:libcurl:7.21.2
  • Haxx libcurl 7.21.3
    cpe:2.3:a:haxx:libcurl:7.21.3
  • Haxx libcurl 7.21.4
    cpe:2.3:a:haxx:libcurl:7.21.4
  • Haxx libcurl 7.21.5
    cpe:2.3:a:haxx:libcurl:7.21.5
  • Haxx libcurl 7.21.6
    cpe:2.3:a:haxx:libcurl:7.21.6
  • Haxx libcurl 7.21.7
    cpe:2.3:a:haxx:libcurl:7.21.7
  • Haxx libcurl 7.22.0
    cpe:2.3:a:haxx:libcurl:7.22.0
  • Haxx libcurl 7.23.0
    cpe:2.3:a:haxx:libcurl:7.23.0
  • Haxx libcurl 7.23.1
    cpe:2.3:a:haxx:libcurl:7.23.1
  • Haxx libcurl 7.24.0
    cpe:2.3:a:haxx:libcurl:7.24.0
  • Haxx libcurl 7.25.0
    cpe:2.3:a:haxx:libcurl:7.25.0
  • Haxx libcurl 7.26.0
    cpe:2.3:a:haxx:libcurl:7.26.0
  • Haxx libcurl 7.27.0
    cpe:2.3:a:haxx:libcurl:7.27.0
  • Haxx libcurl 7.28.0
    cpe:2.3:a:haxx:libcurl:7.28.0
  • Haxx libcurl 7.28.1
    cpe:2.3:a:haxx:libcurl:7.28.1
  • Haxx libcurl 7.29.0
    cpe:2.3:a:haxx:libcurl:7.29.0
  • Haxx libcurl 7.30.0
    cpe:2.3:a:haxx:libcurl:7.30.0
  • Haxx libcurl 7.31.0
    cpe:2.3:a:haxx:libcurl:7.31.0
  • Haxx libcurl 7.32.0
    cpe:2.3:a:haxx:libcurl:7.32.0
  • Haxx libcurl 7.33.0
    cpe:2.3:a:haxx:libcurl:7.33.0
  • Haxx libcurl 7.34.0
    cpe:2.3:a:haxx:libcurl:7.34.0
  • Haxx libcurl 7.35.0
    cpe:2.3:a:haxx:libcurl:7.35.0
  • Haxx libcurl 7.36.0
    cpe:2.3:a:haxx:libcurl:7.36.0
  • Haxx libcurl 7.37.0
    cpe:2.3:a:haxx:libcurl:7.37.0
  • Haxx libcurl 7.37.1
    cpe:2.3:a:haxx:libcurl:7.37.1
  • Haxx libcurl 7.38.0
    cpe:2.3:a:haxx:libcurl:7.38.0
  • Haxx libcurl 7.39
    cpe:2.3:a:haxx:libcurl:7.39
  • Haxx libcurl 7.39.0
    cpe:2.3:a:haxx:libcurl:7.39.0
  • Haxx libcurl 7.40.0
    cpe:2.3:a:haxx:libcurl:7.40.0
  • Haxx libcurl 7.41.0
    cpe:2.3:a:haxx:libcurl:7.41.0
  • Haxx libcurl 7.42
    cpe:2.3:a:haxx:libcurl:7.42
  • Haxx libcurl 7.42.0
    cpe:2.3:a:haxx:libcurl:7.42.0
  • Haxx libcurl 7.42.1
    cpe:2.3:a:haxx:libcurl:7.42.1
  • Haxx libcurl 7.43.0
    cpe:2.3:a:haxx:libcurl:7.43.0
  • Haxx libcurl 7.44.0
    cpe:2.3:a:haxx:libcurl:7.44.0
  • Haxx libcurl 7.45.0
    cpe:2.3:a:haxx:libcurl:7.45.0
  • Haxx libcurl 7.46.0
    cpe:2.3:a:haxx:libcurl:7.46.0
  • Haxx libcurl 7.47.0
    cpe:2.3:a:haxx:libcurl:7.47.0
  • Haxx libcurl 7.47.1
    cpe:2.3:a:haxx:libcurl:7.47.1
  • Haxx libcurl 7.48.0
    cpe:2.3:a:haxx:libcurl:7.48.0
  • Haxx libcurl 7.49.0
    cpe:2.3:a:haxx:libcurl:7.49.0
  • Haxx libcurl 7.49.1
    cpe:2.3:a:haxx:libcurl:7.49.1
  • Haxx libcurl 7.50.0
    cpe:2.3:a:haxx:libcurl:7.50.0
  • Haxx libcurl 7.50.1
    cpe:2.3:a:haxx:libcurl:7.50.1
  • Haxx libcurl 7.50.2
    cpe:2.3:a:haxx:libcurl:7.50.2
  • Haxx libcurl 7.50.3
    cpe:2.3:a:haxx:libcurl:7.50.3
  • Haxx libcurl 7.51.0
    cpe:2.3:a:haxx:libcurl:7.51.0
  • Haxx libcurl 7.52.0
    cpe:2.3:a:haxx:libcurl:7.52.0
  • Haxx libcurl 7.52.1
    cpe:2.3:a:haxx:libcurl:7.52.1
  • Haxx libcurl 7.53.0
    cpe:2.3:a:haxx:libcurl:7.53.0
  • Haxx libcurl 7.53.1
    cpe:2.3:a:haxx:libcurl:7.53.1
  • Haxx libcurl 7.54.0
    cpe:2.3:a:haxx:libcurl:7.54.0
  • Haxx libcurl 7.54.1
    cpe:2.3:a:haxx:libcurl:7.54.1
  • Haxx libcurl 7.55.0
    cpe:2.3:a:haxx:libcurl:7.55.0
  • Haxx libcurl 7.55.1
    cpe:2.3:a:haxx:libcurl:7.55.1
  • Haxx libcurl 7.56.0
    cpe:2.3:a:haxx:libcurl:7.56.0
  • Haxx libcurl 7.56.1
    cpe:2.3:a:haxx:libcurl:7.56.1
  • Haxx libcurl 7.57.0
    cpe:2.3:a:haxx:libcurl:7.57.0
  • Haxx libcurl 7.58.0
    cpe:2.3:a:haxx:libcurl:7.58.0
  • Haxx libcurl 7.59.0
    cpe:2.3:a:haxx:libcurl:7.59.0
  • Haxx libcurl 7.60.0
    cpe:2.3:a:haxx:libcurl:7.60.0
  • Haxx libcurl 7.61.0
    cpe:2.3:a:haxx:libcurl:7.61.0
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux 7.4
    cpe:2.3:o:redhat:enterprise_linux:7.4
  • Red Hat Enterprise Linux 7.5
    cpe:2.3:o:redhat:enterprise_linux:7.5
  • Red Hat Enterprise Linux 7.6
    cpe:2.3:o:redhat:enterprise_linux:7.6
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2715-1.NASL
    description This update for curl fixes the following issues : This security issue was fixed : CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117527
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117527
    title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:2715-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1112.NASL
    description curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) (CVE-2018-14618)
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 119471
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119471
    title Amazon Linux AMI : curl (ALAS-2018-1112)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-BA443BCB6D.NASL
    description - fix NTLM password overflow via integer overflow (CVE-2018-14618) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117622
    published 2018-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117622
    title Fedora 27 : curl (2018-ba443bcb6d)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2717-1.NASL
    description This update for curl fixes the following issues : CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117529
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117529
    title SUSE SLES11 Security Update : curl (SUSE-SU-2018:2717-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2714-1.NASL
    description This update for curl fixes the following issues : This security issue was fixed : CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 120099
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120099
    title SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2714-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1008.NASL
    description This update for curl fixes the following issues : This security issue was fixed : - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed : - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117520
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117520
    title openSUSE Security Update : curl (openSUSE-2018-1008)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-111044D435.NASL
    description - fix NTLM password overflow via integer overflow (CVE-2018-14618) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 120239
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120239
    title Fedora 28 : curl (2018-111044d435)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F4D638B9E6E54DBE8C70571DBC116174.NASL
    description curl security problems : CVE-2018-14618: NTLM password overflow via integer overflow. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. This bug is almost identical to CVE-2017-8816.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117305
    published 2018-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117305
    title FreeBSD : curl -- password overflow vulnerability (f4d638b9-e6e5-4dbe-8c70-571dbc116174)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1010.NASL
    description This update for curl fixes the following issues : This security issue was fixed : - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed : - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117521
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117521
    title openSUSE Security Update : curl (openSUSE-2018-1010)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4286.NASL
    description Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems. See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 117298
    published 2018-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117298
    title Debian DSA-4286-1 : curl - security update
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-249-01.NASL
    description New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-01-23
    modified 2019-01-22
    plugin id 117325
    published 2018-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117325
    title Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-7F83032DE6.NASL
    description - fix NTLM password overflow via integer overflow (CVE-2018-14618) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 120567
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120567
    title Fedora 29 : curl (2018-7f83032de6)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1021.NASL
    description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). (CVE-2018-14618) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 122168
    published 2019-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122168
    title EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1021)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1047.NASL
    description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). (CVE-2018-14618) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-23
    modified 2019-02-22
    plugin id 122374
    published 2019-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122374
    title EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1135.NASL
    description curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) (CVE-2018-14618)
    last seen 2019-02-21
    modified 2019-01-22
    plugin id 119789
    published 2018-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119789
    title Amazon Linux 2 : curl (ALAS-2018-1135)
redhat via4
advisories
rhsa
id RHSA-2018:3558
refmap via4
confirm
debian DSA-4286
gentoo GLSA-201903-03
sectrack 1041605
ubuntu
  • USN-3765-1
  • USN-3765-2
Last major update 05-09-2018 - 15:29
Published 05-09-2018 - 15:29
Last modified 22-04-2019 - 13:48