Lucene search
F5F5:K03314397HistoryOct 24, 2019 - 12:00 a.m.
K03314397 : libcurl vulnerability CVE-2018-16890
2019-10-2400:00:00
my.f5.com
60
Security Advisory Description
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. (CVE-2018-16890)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
osv
osv
CVE-2018-16890
2019-02-06 20:29:00
curl - security update
2019-02-06 00:00:00
curl - security update
2019-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2018-16890
2019-02-06 00:00:00
cvelist
cvelist
CVE-2018-16890
2019-02-06 20:00:00
cve
cve
CVE-2018-16890
2019-02-06 20:29:00
redhatcve
redhatcve
CVE-2018-16890
2019-02-06 08:20:33
alpinelinux
alpinelinux
CVE-2018-16890
2019-02-06 20:29:00
nessus
nessus
Photon OS 2.0: Curl PHSA-2019-2.0-0171
2019-09-12 00:00:00
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0249-1)
2019-02-07 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : curl vulnerabilities (USN-3882-1)
2019-02-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-02-08 03:04:52
nvd
nvd
CVE-2018-16890
2019-02-06 20:29:00
prion
prion
Integer overflow
2019-02-06 20:29:00
debiancve
debiancve
CVE-2018-16890
2019-02-06 20:29:00
suse
suse
Security update for curl (important)
2019-02-14 00:00:00
Security update for curl (important)
2019-02-14 00:00:00
openvas
openvas
openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)
2019-02-15 00:00:00
Oracle MySQL Server 5.7 <= 5.7.26 / 8.0 <= 8.0.15 Security Update (cpujul2019) - Linux
2019-07-24 00:00:00
Debian: Security Advisory (DSA-4386-1)
2019-02-05 00:00:00
archlinux
archlinux
[ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution
2019-02-12 00:00:00
[ASA-201902-9] curl: arbitrary code execution
2019-02-12 00:00:00
[ASA-201902-10] libcurl-gnutls: arbitrary code execution
2019-02-12 00:00:00
ibm
ibm
Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities
2019-03-29 11:00:02
freebsd
freebsd
curl -- multiple vulnerabilities
2019-02-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.64.0-alt1
2019-02-08 00:00:00
debian
debian
[SECURITY] [DLA 1672-1] curl security update
2019-02-11 15:43:52
[SECURITY] [DSA 4386-1] curl security update
2019-02-06 22:36:32
cloudfoundry
cloudfoundry
USN-3882-1: curl vulnerabilities | Cloud Foundry
2019-02-15 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2019-02-06 00:00:00
slackware
slackware
[slackware-security] curl
2019-02-06 23:59:25
oraclelinux
oraclelinux
curl security and bug fix update
2019-11-14 00:00:00
redhat
redhat
ics
ics
Siemens SINEMA Remote Connect (Update A)
2021-03-09 12:00:00
photon
photon
fedora
fedora
[SECURITY] Fedora 29 Update: curl-7.61.1-8.fc29
2019-02-12 02:58:21
[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29
2019-06-09 02:58:45
[SECURITY] Fedora 29 Update: curl-7.61.1-12.fc29
2019-09-29 02:22:57
amazon
amazon
Medium: curl
2019-02-16 00:34:00
kitploit
kitploit
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00