Home CVE Database CVE-2018-16839

CVE-2018-16839

Description

libcurl contains a buffer overrun in the SASL authentication code. The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren\'t too long, then calculates a buffer size to allocate. On systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.

Priority: HIGH
CVSS v3: 9.8
Publish Date: Oct 31, 2018
Related ID: --
CVSS v2: CRITICAL
Modified Date: Oct 31, 2018

Find out more about CVE-2018-16839 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

curl

Live chat
Online