Description


libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Related CPE's


Vulnerable

o

canonical

ubuntu_linux

4




a

oracle

communications_operations_monitor

2




a

f5

big-ip_access_policy_manager

3

Weaknesses



CWE-125CWE-190


CWE-125

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2019-02-06T20:29:00.243

6 years ago

Last modified

2023-11-07T02:53:57.803

1 year ago