[3.8] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)
ID: oval:org.secpod.oval:def:1801331 | Date: (C)2019-04-30 (M)2023-11-10
Class: PATCH | Family: unix
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.

Affected versions: libcurl 7.36.0 to and including 7.63.0
Not affected versions: libcurl = 7.64.0
Platform: Alpine Linux 3.8
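
The length + offset validation problem described for CVE-2018-16890, as an added example (not libcurl's code and not part of the original entry): a bounds check whose addition wraps in 32 bits, beside an overflow-safe form used by a small parser. The descriptor position (byte 40), the 48-byte header minimum and all function names are assumptions of this example, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECBUF_POS 40  /* assumed position of the target-info descriptor */
#define HDR_MIN    48  /* assumed header size; payload starts at or after it */

static uint32_t rd16le(const unsigned char *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32le(const unsigned char *p) {
    return rd16le(p) | (rd16le(p + 2) << 16);
}

/* Overflow-prone form: offset + len wraps modulo 2^32, so a huge offset
   plus a small length lands back inside [0, size] and is accepted. */
int range_ok_wrapping(uint32_t offset, uint32_t len, size_t size)
{
    return offset >= HDR_MIN && (uint32_t)(offset + len) <= size;
}

/* Hardened form: never adds two server-controlled values together. */
int range_ok_checked(uint32_t offset, uint32_t len, size_t size)
{
    return offset >= HDR_MIN && offset <= size && len <= size - offset;
}

/* Copies the payload into out; returns its length, or -1 if rejected. */
int extract_target_info(const unsigned char *msg, size_t size,
                        unsigned char *out, size_t outcap)
{
    if (size < HDR_MIN) return -1;
    uint32_t len = rd16le(msg + SECBUF_POS);      /* 16-bit length */
    uint32_t off = rd32le(msg + SECBUF_POS + 4);  /* 32-bit offset */
    if (!range_ok_checked(off, len, size) || len > outcap) return -1;
    memcpy(out, msg + off, len);
    return (int)len;
}

/* Constructed sample: 56-byte message, 8 payload bytes ('T') at offset 48. */
size_t build_sample(unsigned char *msg, uint32_t off, uint16_t len)
{
    memset(msg, 0, 56);
    memset(msg + 48, 'T', 8);
    msg[40] = (unsigned char)(len & 0xff); msg[41] = (unsigned char)(len >> 8);
    msg[44] = (unsigned char)(off & 0xff); msg[45] = (unsigned char)((off >> 8) & 0xff);
    msg[46] = (unsigned char)((off >> 16) & 0xff); msg[47] = (unsigned char)(off >> 24);
    return 56;
}
```

With offset 0xFFFFFFF8 and length 0x10 the wrapping check accepts the pair because the sum truncates to 8, while the checked form rejects it before any read happens.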