Lucene search

[email protected]NVD:CVE-2018-16890

HistoryFeb 06, 2019 - 8:29 p.m.

CVE-2018-16890

2019-02-0620:29:00

CWE-125

CWE-190

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.049

Percentile

92.9%

JSON

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Affected configurations

Nvd

Node

haxxlibcurlRange7.36.0–7.64.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch9.0

Node

netappclustered_data_ontap

Node

siemenssinema_remote_connect_clientRange≤2.0

Node

oraclecommunications_operations_monitorMatch3.4

oraclecommunications_operations_monitorMatch4.0

oraclehttp_serverMatch12.2.1.3.0

oraclesecure_global_desktopMatch5.4

Node

redhatenterprise_linuxMatch8.0

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.3

f5big-ip_access_policy_managerRange14.0.0–14.1.2

f5big-ip_access_policy_managerRange15.0.0–15.0.1

VendorProductVersionCPE
haxxlibcurl*cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.10cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
netappclustered_data_ontap*cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_client*cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
oraclecommunications_operations_monitor3.4cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
oraclecommunications_operations_monitor4.0cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haxx	libcurl	*	cpe:2.3:a:haxx:libcurl::::::::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
netapp	clustered_data_ontap	*	cpe:2.3:o:netapp:clustered_data_ontap::::::::
siemens	sinema_remote_connect_client	*	cpe:2.3:a:siemens:sinema_remote_connect_client::::::::
oracle	communications_operations_monitor	3.4	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
oracle	communications_operations_monitor	4.0	cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*