CVE-2018-14618 (retired)

Priority
Description
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM
authentication code. The internal function Curl_ntlm_core_mk_nt_hash
multiplies the length of the password by two (SUM) to figure out how large
a temporary storage area to allocate from the heap. The length value is then
used to iterate over the password and generate output into the
allocated storage buffer. On systems with a 32-bit size_t, the math to
calculate SUM triggers an integer overflow when the password length exceeds
2GB (2^31 bytes). This integer overflow usually causes a very small buffer
to be allocated instead of the intended very large one, so that the
use of that buffer ends up in a heap buffer overflow. (This bug is almost
identical to CVE-2017-8816.)
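
The SUM wraparound described above, next to a sizing routine that rejects lengths whose doubled value does not fit. This is an added example, not code from curl or from this tracker entry. It assumes uint32_t as a stand-in for a 32-bit size_t; all function names and sample lengths are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for a 32-bit size_t so the wraparound
   is reproducible on 64-bit hosts. All names here are hypothetical. */
typedef uint32_t size32_t;

/* Unchecked sizing as described: SUM = length * 2, wrapping modulo 2^32. */
static size32_t sum_unchecked(size32_t len)
{
  return (size32_t)(len * 2u);
}

/* Checked sizing: reject lengths whose doubled value is not representable.
   Returns 1 and stores SUM on success, 0 when the length is refused. */
static int sum_checked(size32_t len, size32_t *sum)
{
  if(len > UINT32_MAX / 2)
    return 0;
  *sum = len * 2u;
  return 1;
}

/* Gap between the doubled size the output loop needs (it is driven by len)
   and the wrapped SUM that would actually be allocated. */
static uint64_t overrun_bytes(size32_t len)
{
  uint64_t needed = (uint64_t)len * 2;
  return needed - sum_unchecked(len);
}

int main(void)
{
  /* Constructed sample lengths around the 2^31 boundary. */
  const size32_t samples[] = { 8u, 0x7FFFFFFFu, 0x80000000u, 0x80000004u };
  for(size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    size32_t sum = 0;
    int ok = sum_checked(samples[i], &sum);
    printf("len=%u unchecked SUM=%u overrun=%llu checked=%s\n",
           (unsigned)samples[i], (unsigned)sum_unchecked(samples[i]),
           (unsigned long long)overrun_bytes(samples[i]),
           ok ? "accepted" : "rejected");
  }
  return 0;
}
```

Lengths up to 2^31 - 1 produce a SUM that matches what the loop needs; from 2^31 upward the unchecked SUM wraps to a small value while the checked routine refuses the input.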
Assigned-to
leosilva
Package
Source: curl (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (7.22.0-3ubuntu4.23)
Ubuntu 16.04 LTS (Xenial Xerus): released (7.47.0-1ubuntu2.9)
Ubuntu 18.04 LTS (Bionic Beaver): released (7.58.0-2ubuntu3.3)
Patches:
Other: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
More Information

Updated: 2019-08-23 09:29:58 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)