Gentoo update for cURL
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-14618 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2019-3822 CVE-2019-3823 |
| CWE-ID | CWE-120 CWE-190 CWE-416 CWE-122 CWE-121 CWE-125 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU14691
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-14618
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists on systems with a 32-bit size_t and that use more than 2 GB of memory for the password field due to a buffer overflow in Curl_ntlm_core_mk_nt_hash() in 'lib/curl_ntlm_core.c' when handling malicious input. A remote unauthenticated attacker can send a specially crafted NTLM authentication password, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU15671
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-16839
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in processing the Curl_auth_create_plain_message name and password when handling malicious input. A remote unauthenticated attacker can send specially crafted SASL password data, trigger memory corruption and execute arbitrary code with elevated privileges. The affected function can be invoked using POP3(S), IMAP(S), or SMTP(S).
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU15672
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16840
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to use-after-free error in closing an easy handle in the 'Curl_close()' function. A remote unauthenticated attacker can specially crafted data, trigger memory corruption and cause the service to crash.
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU15673
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16842
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer over-read in the tool_msgs.c:voutf() function. A remote unauthenticated attacker can specially crafted data, trigger memory corruption to read back out-of-buffer data and cause the service to crash.
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU17456
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2019-3822
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function creates an outgoing NTLM type-3 header and generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can send very large ‘nt response’ output data, that has been extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, trigger stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Heap out-of-bounds read
EUVDB-ID: #VU17458
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-3823
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.
The vulnerability exists due to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. A remote attacker can trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..
MitigationUpdate the affected packages.
net-misc/curl to version: 7.64.0
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201903-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
