CVE-2018-14618

critical

Description

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to be allocated instead of the intended very large one, so that use of the buffer ends up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
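The size calculation described above, next to a range-checked form, as an added example that is not curl's code or its actual fix. It assumes uint32_t as a stand-in for a 32-bit size_t so the wrap is reproducible on 64-bit hosts; all function names are hypothetical and the sample lengths are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models a 32-bit size_t. Names are hypothetical. */
typedef uint32_t size32_t;

/* Pattern from the description: SUM = len * 2 with no range check.
 * Unsigned arithmetic wraps modulo 2^32, so a huge len gives a tiny SUM. */
static size32_t sum_unchecked(size32_t len)
{
    return (size32_t)(len * 2u);
}

/* Checked form: reject any len whose doubled value does not fit.
 * Returns 0 and stores the size on success, -1 on overflow. */
static int sum_checked(size32_t len, size32_t *out)
{
    if (len > UINT32_MAX / 2u)
        return -1;
    *out = (size32_t)(len * 2u);
    return 0;
}

/* How far a loop that writes two bytes per password byte would run past
 * a buffer sized with the unchecked SUM (computed in 64 bits, no wrap). */
static uint64_t bytes_past_allocation(size32_t len)
{
    uint64_t needed = (uint64_t)len * 2u;
    uint64_t allocated = sum_unchecked(len);
    return needed - allocated;
}

int main(void)
{
    /* Constructed password lengths around the 2^31 boundary. */
    const size32_t samples[] = { 16u, 0x7FFFFFFFu, 0x80000000u, 0x80000008u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size32_t sum = 0;
        int rc = sum_checked(samples[i], &sum);
        printf("len=%" PRIu32 " unchecked=%" PRIu32 " checked=%s overrun=%" PRIu64 "\n",
               samples[i], sum_unchecked(samples[i]),
               rc == 0 ? "ok" : "rejected", bytes_past_allocation(samples[i]));
    }
    return 0;
}
```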

References

http://www.securitytracker.com/id/1041605

https://access.redhat.com/errata/RHSA-2018:3558

https://access.redhat.com/errata/RHSA-2019:1880

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618

https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

https://curl.haxx.se/docs/CVE-2018-14618.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014

https://security.gentoo.org/glsa/201903-03

https://usn.ubuntu.com/3765-1/

https://usn.ubuntu.com/3765-2/

https://www.debian.org/security/2018/dsa-4286

Details

Source: MITRE

Published: 2018-09-05

Updated: 2019-04-22

Type: CWE-190

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
129904 | NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Vulnerability (NS-SA-2019-0182) | Nessus | NewStart CGSL Local Security Checks | critical
128701 | NewStart CGSL CORE 5.05 / MAIN 5.05 : curl Vulnerability (NS-SA-2019-0171) | Nessus | NewStart CGSL Local Security Checks | critical
127724 | Scientific Linux Security Update : curl on SL7.x x86_64 (20190729) | Nessus | Scientific Linux Local Security Checks | critical
127619 | RHEL 7 : curl (RHSA-2019:1880) | Nessus | Red Hat Local Security Checks | critical
127604 | Oracle Linux 7 : curl (ELSA-2019-1880) | Nessus | Oracle Linux Local Security Checks | critical
127470 | CentOS 7 : curl (CESA-2019:1880) | Nessus | CentOS Local Security Checks | critical
124993 | EulerOS Virtualization for ARM 64 3.0.1.0 : curl (EulerOS-SA-2019-1540) | Nessus | Huawei Local Security Checks | critical
123708 | EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1240) | Nessus | Huawei Local Security Checks | critical
123705 | EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1237) | Nessus | Huawei Local Security Checks | critical
123302 | openSUSE Security Update : curl (openSUSE-2019-694) | Nessus | SuSE Local Security Checks | critical
123103 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-1090) | Nessus | Huawei Local Security Checks | critical
122898 | Photon OS 1.0: Curl PHSA-2019-1.0-0205 | Nessus | PhotonOS Local Security Checks | critical
122731 | GLSA-201903-03 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
122374 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047) | Nessus | Huawei Local Security Checks | critical
122168 | EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1021) | Nessus | Huawei Local Security Checks | critical
120567 | Fedora 29 : curl (2018-7f83032de6) | Nessus | Fedora Local Security Checks | critical
120239 | Fedora 28 : curl (2018-111044d435) | Nessus | Fedora Local Security Checks | critical
120099 | SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2714-1) | Nessus | SuSE Local Security Checks | critical
119789 | Amazon Linux 2 : curl (ALAS-2018-1135) | Nessus | Amazon Linux Local Security Checks | critical
119471 | Amazon Linux AMI : curl (ALAS-2018-1112) | Nessus | Amazon Linux Local Security Checks | critical
117622 | Fedora 27 : curl (2018-ba443bcb6d) | Nessus | Fedora Local Security Checks | critical
117529 | SUSE SLES11 Security Update : curl (SUSE-SU-2018:2717-1) | Nessus | SuSE Local Security Checks | critical
117527 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:2715-1) | Nessus | SuSE Local Security Checks | critical
117521 | openSUSE Security Update : curl (openSUSE-2018-1010) | Nessus | SuSE Local Security Checks | critical
117520 | openSUSE Security Update : curl (openSUSE-2018-1008) | Nessus | SuSE Local Security Checks | critical
117325 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01) | Nessus | Slackware Local Security Checks | critical
117305 | FreeBSD : curl -- password overflow vulnerability (f4d638b9-e6e5-4dbe-8c70-571dbc116174) | Nessus | FreeBSD Local Security Checks | critical
117298 | Debian DSA-4286-1 : curl - security update | Nessus | Debian Local Security Checks | critical