libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.
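Published: 2019-02-06T20:29:00.243
Last modified: 2024-11-21T03:53:32.740
Status: Modified
CVSSv3.1: 7.5 (HIGH)
CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v2 exploitability score: 10.0
CVSS v2 impact score: 2.9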
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | haxx | libcurl | < 7.64.0 | Yes |
Operating System | canonical | ubuntu_linux | 14.04 | Yes |
Operating System | canonical | ubuntu_linux | 16.04 | Yes |
Operating System | canonical | ubuntu_linux | 18.04 | Yes |
Operating System | canonical | ubuntu_linux | 18.10 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | netapp | clustered_data_ontap | * | Yes |
Application | siemens | sinema_remote_connect_client | ≤ 2.0 | Yes |
Application | oracle | communications_operations_monitor | 3.4 | Yes |
Application | oracle | communications_operations_monitor | 4.0 | Yes |
Application | oracle | http_server | 12.2.1.3.0 | Yes |
Application | oracle | secure_global_desktop | 5.4 | Yes |
Operating System | redhat | enterprise_linux | 8.0 | Yes |
Application | f5 | big-ip_access_policy_manager | ≤ 13.1.3 | Yes |
Application | f5 | big-ip_access_policy_manager | ≤ 14.1.2 | Yes |
Application | f5 | big-ip_access_policy_manager | ≤ 15.0.1 | Yes |
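
The bad length + offset combination in the description comes down to a bounds check whose addition wraps around. The following is an added example, not libcurl's code and not part of the original record: a wrapping check beside an overflow-safe one. It assumes the MS-NLMP type-2 layout (16-bit target-info length at byte 40, 32-bit offset at byte 44), and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Little-endian field readers (hypothetical helper names). */
static uint16_t rd16le(const unsigned char *p)
{
  return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32le(const unsigned char *p)
{
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

#define T2_MIN_SIZE 48u /* fixed header through the target-info fields */

/* Overflow-prone check: off + len is computed in 32 bits and can wrap
   past zero, so a huge offset passes the "fits in the message" test. */
static int range_ok_wrapping(uint32_t off, uint16_t len, uint32_t size)
{
  return !((uint32_t)(off + len) > size || off < T2_MIN_SIZE);
}

/* Hardened check: never add the two untrusted values; compare the length
   against the space that remains after the offset instead. */
static int range_ok_checked(uint32_t off, uint16_t len, uint32_t size)
{
  if(off < T2_MIN_SIZE || off > size)
    return 0;
  return len <= size - off;
}

/* Returns a pointer to the target-info block inside msg and stores its
   length in *out_len, or returns NULL if the fields are out of range. */
static const unsigned char *t2_target_info(const unsigned char *msg,
                                           size_t size, uint16_t *out_len)
{
  uint16_t len;
  uint32_t off;
  if(size < T2_MIN_SIZE || size > UINT32_MAX)
    return NULL;
  len = rd16le(msg + 40);
  off = rd32le(msg + 44);
  if(len == 0 || !range_ok_checked(off, len, (uint32_t)size))
    return NULL;
  *out_len = len;
  return msg + off;
}
```
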