CVE-2018-16890

Published: Feb 6, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Affected (16)

Products: Haxx: Libcurl · Canonical: Ubuntu Linux · Debian: Debian Linux · +5 more

Show all products

Haxx: Libcurl · Canonical: Ubuntu Linux · Debian: Debian Linux · Netapp: Clustered Data Ontap · Siemens: Sinema Remote Connect Client · Oracle: Communications Operations Monitor, Http Server, Secure Global Desktop · Redhat: Enterprise Linux · F5: Big Ip Access Policy Manager

1 product

1 product

1 product

1 product

Clustered Data Ontap

1 product

Sinema Remote Connect Client

3 products

Communications Operations Monitor

Secure Global Desktop

1 product

Enterprise Linux

1 product

Big Ip Access Policy Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Libcurl	From 7.36.0 to 7.64.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Client	Up to 2.0

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Operations Monitor	Version 3.4
Oracle Communications Operations Monitor	Version 4.0
Oracle Http Server	Version 12.2.1.3.0
Oracle Secure Global Desktop	Version 5.4

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Configuration H

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.1.2
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.0.1

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (24)

http://www.securityfocus.com/bid/106947

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3701

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890

Source: secalert@redhat.com

Issue TrackingMitigationPatchThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Source: secalert@redhat.com

Third Party Advisory

https://curl.haxx.se/docs/CVE-2018-16890.html

Source: secalert@redhat.com

PatchVendor Advisory

https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20190315-0001/

Source: secalert@redhat.com

PatchThird Party Advisory

https://support.f5.com/csp/article/K03314397?utm_source=f5support&amp%3Butm_medium=RSS

Source: secalert@redhat.com

https://usn.ubuntu.com/3882-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4386

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

PatchThird Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.securityfocus.com/bid/106947

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3701

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationPatchThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://curl.haxx.se/docs/CVE-2018-16890.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20190315-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://support.f5.com/csp/article/K03314397?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3882-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4386

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.