[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.6] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)

ID: oval:org.secpod.oval:def:1801337Date: (C)2019-04-30   (M)2023-11-10
Class: PATCHFamily: unix




CVE-2018-16890: NTLM type-2 out-of-bounds buffer read¶ The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Affected versions:¶ libcurl 7.36.0 to and including 7.63.0 Not affected versions:¶ libcurl = 7.64.0

Platform:
Alpine Linux 3.6
Product:
curl
Reference:
9994
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823
CVE    3
CVE-2018-16890
CVE-2019-3823
CVE-2019-3822
CPE    2
cpe:/o:alpinelinux:alpine_linux:3.6
cpe:/a:haxx:curl

© SecPod Technologies