Wind River Support Network

Description

libcurl contains a buffer overrun in the SASL authentication code. The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then calculates a buffer size to allocate. On systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.

https://nvd.nist.gov/vuln/detail/CVE-2018-16839 

Other Downloads

• Wind River Linux LTS 10.17.41.13
• Wind River Linux LTS 10.17.41.14
• Wind River Linux LTS 10.17.41.15
• Wind River Linux LTS 10.17.41.16
• Wind River Linux LTS 10.17.41.17
• Wind River Linux LTS 10.17.41.18
• Wind River Linux LTS 10.17.41.20
• Wind River Linux LTS 10.17.41.21
• Wind River Linux LTS 10.17.41.22
• Wind River Linux LTS 10.17.41.23
• Wind River Linux LTS 10.17.41.24
• Wind River Linux LTS 10.17.41.25
• Wind River Linux LTS 10.17.41.26
• Wind River Linux LTS 10.17.41.27

CVEs

• CVE-2018-16839