PT-2018-2290 · Curl+5
Zhaoyang Wu · Published 2018-07-18 · Updated 2026-05-18 · CVE-2018-14618
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
curl versions prior to 7.61.1
Description
The issue is a buffer overrun in the NTLM authentication code of curl. Specifically, the Curl_ntlm_core_mk_nt_hash function multiplies the length of the password by two to determine the size of the temporary storage area to allocate from the heap. On systems with a 32-bit size_t, this calculation can trigger an integer overflow when the password length exceeds 2 GB, leading to a very small buffer being allocated instead of the intended large one. This, in turn, can cause a heap buffer overflow. Exploitation of this issue can allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations
For versions prior to 7.61.1, update to version 7.61.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of NTLM authentication or limiting the length of passwords to prevent the integer overflow.
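The wraparound described above and the bound check that prevents it, as an added example that is not curl's own code. It models the 32-bit size_t with uint32_t so the result is the same on any host; all function names are hypothetical, and the two-bytes-per-character widening is an assumption based on the doubling the description mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model a 32-bit size_t explicitly so the wrap is visible on any host. */
typedef uint32_t size32_t;

/* Unchecked pattern from the description: length * 2, which wraps
   modulo 2^32 when size_t is 32 bits wide. */
size32_t alloc_size_unchecked(size32_t pw_len) { return pw_len * 2u; }

/* Bytes a two-bytes-per-character conversion writes (64-bit math). */
uint64_t bytes_needed(size32_t pw_len) { return (uint64_t)pw_len * 2u; }

/* Checked form: reject lengths whose doubling is not representable.
   Returns 0 and stores the size on success, -1 on rejection. */
int alloc_size_checked(size32_t pw_len, size32_t *out)
{
  if(pw_len > UINT32_MAX / 2u)
    return -1;
  *out = pw_len * 2u;
  return 0;
}

/* Hypothetical helper: widen an ASCII password to little-endian 16-bit
   units using the checked size. Returns NULL on rejection; caller frees. */
unsigned char *widen_password(const char *pw, size32_t pw_len, size32_t *out_len)
{
  unsigned char *buf;
  size32_t i;
  if(alloc_size_checked(pw_len, out_len) != 0)
    return NULL;                 /* fail closed before touching the heap */
  buf = malloc(*out_len ? *out_len : 1);
  if(!buf)
    return NULL;
  for(i = 0; i < pw_len; i++) {
    buf[2 * i] = (unsigned char)pw[i];
    buf[2 * i + 1] = 0;
  }
  return buf;
}

int main(void)
{
  size32_t len = 0x80000001u;    /* constructed length just over 2 GB */
  printf("allocated %u bytes, needed %llu bytes\n", (unsigned)alloc_size_unchecked(len), (unsigned long long)bytes_needed(len));
  return 0;
}
```

The gap between the wrapped allocation size and the bytes actually needed is the heap overrun; the checked form refuses the length before any allocation happens.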
Fix
Heap Based Buffer Overflow
Integer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Curl