
Zhaoyang Wu

#23818 of 53,640
10 Total CVSS
Vulnerabilities · 1
PT-2018-2290
10
2018-07-18
Curl · Curl · CVE-2018-14618
**Name of the Vulnerable Software and Affected Versions**

curl versions prior to 7.61.1

**Description**

The issue is related to a buffer overrun in the NTLM authentication code of the curl software. Specifically, the `Curl_ntlm_core_mk_nt_hash` function multiplies the length of the password by two to determine the size of the temporary storage area to allocate from the heap. On systems with a 32-bit `size_t`, this calculation can trigger an integer overflow when the password length exceeds 2GB, leading to a very small buffer being allocated instead of the intended large one. This, in turn, can cause a heap buffer overflow. The exploitation of this issue can allow a remote attacker to cause a denial of service or execute arbitrary code.

**Recommendations**

For versions prior to 7.61.1, update to version 7.61.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of NTLM authentication or limiting the length of passwords to prevent the integer overflow.
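
The size calculation described above, as an added example that is not curl's source code or its actual patch: it shows the unchecked doubling next to one way to guard it. Assumptions: `size32_t` (a `uint32_t`) stands in for a 32-bit `size_t` so the wraparound is reproducible on any build, and the function names and sample lengths are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models a 32-bit size_t. */
typedef uint32_t size32_t;

/* Pattern described in the advisory: double the password length with no
   range check. The product wraps modulo 2^32. */
static size32_t unchecked_alloc_size(size32_t password_len)
{
    return (size32_t)(password_len * 2u);
}

/* Guarded form: reject any length whose doubled size cannot be
   represented. Returns 0 on success, -1 if the request must be refused. */
static int checked_alloc_size(size32_t password_len, size32_t *out)
{
    if (password_len > UINT32_MAX / 2u)
        return -1;
    *out = (size32_t)(password_len * 2u);
    return 0;
}

int main(void)
{
    /* Constructed sample lengths: a normal password, the largest safe
       length, exactly 2 GiB, and 2 GiB plus 8 bytes. */
    const size32_t lens[] = { 16u, 0x7FFFFFFFu, 0x80000000u, 0x80000008u };
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size32_t safe = 0;
        int rc = checked_alloc_size(lens[i], &safe);

        printf("len=%lu unchecked=%lu checked=%s\n",
               (unsigned long)lens[i],
               (unsigned long)unchecked_alloc_size(lens[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the 2 GiB plus 8 byte length the unchecked calculation yields a 16-byte allocation, which is the "very small buffer" the description refers to; the guarded form rejects that length before any allocation happens.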