Debian update for curl
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 |
| CWE-ID | CWE-125 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
curl (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Heap out-of-bounds read
EUVDB-ID: #VU17457
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-16890
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.
The vulnerability exists due to a integer overflow in the function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly. A remote attacker on malicious or broken NTLM server can trick the victim into accepting a bad length + offset combination, trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..
MitigationUpdate the affected package to version: 7.52.1-5+deb9u9
Vulnerable software versionscurl (Debian package): 7.52.1-1 - 7.52.1-5
CPE2.3- cpe:2.3:a:debian:curl_debian_package:7.52.1-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-2:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-3:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2019/dsa-4386
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Stack-based buffer overflow
EUVDB-ID: #VU17456
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2019-3822
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function creates an outgoing NTLM type-3 header and generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can send very large ‘nt response’ output data, that has been extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, trigger stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package to version: 7.52.1-5+deb9u9
Vulnerable software versionscurl (Debian package): 7.52.1-1 - 7.52.1-5
CPE2.3- cpe:2.3:a:debian:curl_debian_package:7.52.1-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-2:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-3:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2019/dsa-4386
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap out-of-bounds read
EUVDB-ID: #VU17458
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-3823
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.
The vulnerability exists due to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. A remote attacker can trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..
MitigationUpdate the affected package to version: 7.52.1-5+deb9u9
Vulnerable software versionscurl (Debian package): 7.52.1-1 - 7.52.1-5
CPE2.3- cpe:2.3:a:debian:curl_debian_package:7.52.1-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-2:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:curl_debian_package:7.52.1-3:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2019/dsa-4386
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
