CVE-2018-16842

Published: Oct 31, 2018Modified: Nov 21, 2024

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

Affected (8)

Products: Haxx: Curl · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	From 7.14.1 to 7.61.1

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (22)

http://www.securitytracker.com/id/1042014

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2181

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://curl.haxx.se/docs/CVE-2018-16842.html

Source: secalert@redhat.com

PatchVendor Advisory

https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201903-03

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3805-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3805-2/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4331

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1042014

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2181

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://curl.haxx.se/docs/CVE-2018-16842.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201903-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3805-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3805-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4331

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.