CVE-2018-16842 - OpenCVE

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Haxx	Curl

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1042014	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2181
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842	Issue Tracking Third Party Advisory
https://curl.haxx.se/docs/CVE-2018-16842.html	Patch Vendor Advisory
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201903-03	Third Party Advisory
https://usn.ubuntu.com/3805-1/	Third Party Advisory
https://usn.ubuntu.com/3805-2/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4331	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-10-31T19:00:00

Updated: 2019-10-16T17:40:48

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16842

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-31T19:29:00.690

Modified: 2019-08-06T17:15:28.757

Link: CVE-2018-16842

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "curl:", "vendor": "The Curl Project", "versions": [{"status": "affected", "version": "from 7.14.1 to 7.61.1"}]}], "datePublic": "2018-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-16T17:40:48", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201903-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-03"}, {"name": "DSA-4331", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4331"}, {"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"tags": ["x_refsource_MISC"], "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"}, {"name": "1042014", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042014"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"}, {"name": "USN-3805-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3805-2/"}, {"name": "USN-3805-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3805-1/"}, {"name": "RHSA-2019:2181", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2181"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16842", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "curl:", "version": {"version_data": [{"version_value": "from 7.14.1 to 7.61.1"}]}}]}, "vendor_name": "The Curl Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."}]}, "impact": {"cvss": [[{"vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125"}]}]}, "references": {"reference_data": [{"name": "GLSA-201903-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-03"}, {"name": "DSA-4331", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4331"}, {"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"name": "https://curl.haxx.se/docs/CVE-2018-16842.html", "refsource": "MISC", "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"}, {"name": "1042014", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042014"}, {"name": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", "refsource": "CONFIRM", "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"}, {"name": "USN-3805-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3805-2/"}, {"name": "USN-3805-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3805-1/"}, {"name": "RHSA-2019:2181", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2181"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16842", "datePublished": "2018-10-31T19:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2019-10-16T17:40:48", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "770B33FC-61E9-43CF-AFBF-46DBBD8608CF", "versionEndIncluding": "7.61.1", "versionStartIncluding": "7.14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."}, {"lang": "es", "value": "Curl, desde la versi\u00f3n 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en la funci\u00f3n tool_msgs.c:voutf() que podr\u00eda resultar en una exposici\u00f3n de informaci\u00f3n y una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-16842", "lastModified": "2019-08-06T17:15:28.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-10-31T19:29:00.690", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1042014"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:2181"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-03"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3805-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3805-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4331"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}