CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.037 Low
Percentile: 91.8%
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM
authentication code. The internal function Curl_ntlm_core_mk_nt_hash
multiplies the length of the password by two (SUM) to figure out how large
a temporary storage area to allocate from the heap. The length value is then
used to iterate over the password and generate output into the allocated
storage buffer. On systems with a 32-bit size_t, the math to calculate SUM
triggers an integer overflow when the password length exceeds 2GB (2^31
bytes). This integer overflow usually causes a very small buffer to be
allocated instead of the intended very large one, so that use of the buffer
results in a heap buffer overflow. (This bug is almost identical to
CVE-2017-8816.)
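
The size calculation described above, as an added example that is not curl's code: it models a 32-bit size_t with uint32_t so the wrap is reproducible on any host, and compares the allocation size with the bytes the conversion loop would write. The names size32_t, sum_unchecked, sum_checked and bytes_written are hypothetical, and the guarded variant is a generic overflow check, not the project's patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for a 32-bit size_t. */
typedef uint32_t size32_t;

/* Unchecked sizing as the description states it: length times two. */
static size32_t sum_unchecked(size32_t len)
{
  return (size32_t)(len * 2u); /* wraps modulo 2^32 */
}

/* Guarded sizing: reject lengths whose doubling cannot be represented.
   Returns 1 and stores the size on success, 0 on rejection. */
static int sum_checked(size32_t len, size32_t *out)
{
  if(len > UINT32_MAX / 2u)
    return 0;
  *out = len * 2u;
  return 1;
}

/* Bytes the loop would emit (two per password byte), computed in
   64 bits so the true count is visible. */
static uint64_t bytes_written(size32_t len)
{
  return (uint64_t)len * 2u;
}

int main(void)
{
  /* Constructed sample lengths around the 2^31 boundary. */
  const size32_t samples[] = { 16u, 0x7FFFFFFFu, 0x80000000u, 0x80000008u };
  size_t i;
  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    size32_t len = samples[i], safe = 0;
    int ok = sum_checked(len, &safe);
    printf("len=%lu alloc=%lu written=%llu checked=%s\n",
           (unsigned long)len, (unsigned long)sum_unchecked(len),
           (unsigned long long)bytes_written(len),
           ok ? "accepted" : "rejected");
  }
  return 0;
}
```

Any row where the allocation is smaller than the bytes written is the heap overflow condition; the guarded function rejects exactly those lengths.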
curl.haxx.se/docs/CVE-2018-14618.html
github.com/curl/curl/issues/2756
launchpad.net/bugs/cve/CVE-2018-14618
nvd.nist.gov/vuln/detail/CVE-2018-14618
security-tracker.debian.org/tracker/CVE-2018-14618
ubuntu.com/security/notices/USN-3765-1
ubuntu.com/security/notices/USN-3765-2
www.cve.org/CVERecord?id=CVE-2018-14618