CVE-2018-16890

EPSS 1.42%
Veröffentlicht 06.02.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 03:53:32
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Libcurl Version >= 7.36.0 < 7.64.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version9.0

Netapp ≫ Clustered Data Ontap

Siemens ≫ Sinema Remote Connect Client Version <= 2.0

Oracle ≫ Communications Operations Monitor Version3.4

Oracle ≫ Communications Operations Monitor Version4.0

Oracle ≫ HTTP Server Version12.2.1.3.0

Oracle ≫ Secure Global Desktop Version5.4

Redhat ≫ Enterprise Linux Version8.0

F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 <= 13.1.3

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.1.2

F5 ≫ Big-ip Access Policy Manager Version >= 15.0.0 <= 15.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.42%	0.8

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Third Party Advisory

https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E

https://access.redhat.com/errata/RHSA-2019:3701

Third Party Advisory

http://www.securityfocus.com/bid/106947