Platform: c
Component: curl
Fixed in: 7.64.0
CVE-2018-16890 is a heap buffer out-of-bounds read in libcurl's NTLM client code, affecting libcurl 7.36.0 through 7.63.0. When libcurl parses the NTLM type-2 (challenge) message sent by a server, it reads the target-info length and offset fields from the message. The affected versions never checked that the offset itself lies inside the message, and the offset-plus-length comparison was done in 32-bit arithmetic, so a large offset could wrap the sum back below the message size and pass the check. A malicious or compromised NTLM server (or an active attacker on an unencrypted connection) can therefore make libcurl copy target-info data from beyond the end of the allocated message buffer. Version 7.64.0 fixes the issue.
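The following is an added example, not libcurl's source: a minimal model of the target-info bounds check in the shape it had before and after the 7.64.0 fix, run over constructed type-2 messages. The field layout (16-bit target-info length at byte 40, 32-bit offset at byte 44, little-endian) is the real NTLM type-2 layout that libcurl's ntlm_decode_type2_target reads; the function names, the 64-byte message size and the sample field values are assumptions chosen for the demonstration.

```c
/* Added example, not libcurl's code: models the NTLM type-2 target-info
 * bounds check before (vulnerable) and after (fixed) CVE-2018-16890.
 * Offsets 40 (len16) and 44 (offset32) follow the NTLM type-2 layout;
 * everything else is illustrative. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TYPE2_MIN_LEN 48   /* fixed header up to and including the target-info buffer */
#define DEMO_MSG_LEN  64   /* size of the constructed messages below (assumption) */

static uint16_t read16_le(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t read32_le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Pre-7.64.0 shape of the check: offset and length are added in 32-bit
 * arithmetic, so a huge offset wraps the sum back below `size`, the check
 * passes, and the copy that follows reads from type2 + offset, far out of bounds. */
static bool target_info_check_vulnerable(const unsigned char *type2, size_t size)
{
    uint16_t target_info_len;
    uint32_t target_info_offset;
    uint32_t end;

    if (size < TYPE2_MIN_LEN)
        return false;
    target_info_len = read16_le(&type2[40]);
    target_info_offset = read32_le(&type2[44]);
    if (target_info_len == 0)
        return true;                       /* nothing to copy */

    end = target_info_offset + target_info_len;   /* 32-bit wrap-around here */
    if (end > size || target_info_offset < TYPE2_MIN_LEN)
        return false;
    return true;                           /* caller would now copy len bytes from type2 + offset */
}

/* 7.64.0 shape of the check: an offset at or past the end of the message is
 * rejected before any arithmetic uses it, so wrap-around no longer helps. */
static bool target_info_check_fixed(const unsigned char *type2, size_t size)
{
    uint16_t target_info_len;
    uint32_t target_info_offset;

    if (size < TYPE2_MIN_LEN)
        return false;
    target_info_len = read16_le(&type2[40]);
    target_info_offset = read32_le(&type2[44]);
    if (target_info_len == 0)
        return true;

    if (target_info_offset >= size ||
        (size_t)target_info_offset + target_info_len > size ||
        target_info_offset < TYPE2_MIN_LEN)
        return false;
    return true;
}

/* Build a constructed (not captured) type-2 message: NTLMSSP signature,
 * message type 2, zeroed flags/challenge, and the given target-info fields. */
static void build_type2(unsigned char *buf, size_t size, uint16_t len, uint32_t off)
{
    memset(buf, 0, size);
    memcpy(buf, "NTLMSSP", 8);             /* 7 characters plus terminating NUL */
    buf[8] = 2;                            /* message type 2 */
    buf[40] = (unsigned char)(len & 0xff); /* target-info length */
    buf[41] = (unsigned char)(len >> 8);
    buf[42] = buf[40];                     /* max length mirrors length */
    buf[43] = buf[41];
    buf[44] = (unsigned char)(off & 0xff); /* target-info offset */
    buf[45] = (unsigned char)((off >> 8) & 0xff);
    buf[46] = (unsigned char)((off >> 16) & 0xff);
    buf[47] = (unsigned char)((off >> 24) & 0xff);
}

/* Convenience wrappers: does each variant of the check accept a message
 * carrying these two fields? */
bool vulnerable_accepts(uint16_t len, uint32_t off)
{
    unsigned char msg[DEMO_MSG_LEN];
    build_type2(msg, sizeof msg, len, off);
    return target_info_check_vulnerable(msg, sizeof msg);
}

bool fixed_accepts(uint16_t len, uint32_t off)
{
    unsigned char msg[DEMO_MSG_LEN];
    build_type2(msg, sizeof msg, len, off);
    return target_info_check_fixed(msg, sizeof msg);
}

int main(void)
{
    struct { const char *what; uint16_t len; uint32_t off; } cases[] = {
        { "benign: 8 bytes at offset 48",        8,    48 },
        { "too long: 8 bytes at offset 60",      8,    60 },
        { "wrapping: 0x20 bytes at 0xFFFFFFF0",  0x20, 0xFFFFFFF0u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-38s vulnerable=%s fixed=%s\n", cases[i].what,
               vulnerable_accepts(cases[i].len, cases[i].off) ? "accept" : "reject",
               fixed_accepts(cases[i].len, cases[i].off) ? "accept" : "reject");
    return 0;
}
```

The third case is the interesting one: 0xFFFFFFF0 + 0x20 wraps to 0x10 in 32-bit arithmetic, so the old check sees a sum well inside the 64-byte message and accepts it, while the fixed check rejects the offset outright because it is not smaller than the message size.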
An attacker exploiting CVE-2018-16890 triggers a heap buffer out-of-bounds read inside the libcurl client. The bytes read past the end of the message buffer are treated as the server's target-info blob, so they can leak back to the attacker's server in the client's subsequent NTLM response, or the read can crash the client. This is an information-disclosure bug rather than remote code execution, so complete system compromise is unlikely, but leaked heap contents (which may include credentials or other data the process handles) can feed further attacks. Exploitation requires the client to negotiate NTLM with a server the attacker controls or can tamper with, so the systems most at risk are those that authenticate with NTLM to untrusted hosts or over unencrypted connections. The blast radius is limited to the affected libcurl process and the data in its memory.
CVE-2018-16890 has a CVSS score of 5.4 (MEDIUM). It was published on 2019-02-06. While no active exploitation campaigns have been publicly reported, the vulnerability's potential for information disclosure makes it a worthwhile mitigation target. Public proof-of-concept exploits are available, increasing the likelihood of exploitation. It is not currently listed on CISA KEV.
Any application that links libcurl 7.36.0 through 7.63.0 and negotiates NTLM authentication (HTTP or proxy authentication via CURLAUTH_NTLM, or the curl command line with --ntlm or --proxy-ntlm) is at risk. libcurl is a client library, so the exposure is on the client side: the curl tool itself, scripts and services that fetch data over HTTP or HTTPS through libcurl, and language bindings built on it. Distribution packages may carry a backported fix under an older version number, so check the package changelog as well as the version.
• linux / server: check which libcurl is installed and whether it falls in the affected range (7.36.0 through 7.63.0); distributions often backport the fix without changing the version, so also look at the package changelog:
curl --version | head -n 1
ldconfig -p | grep libcurl
rpm -q --changelog libcurl | grep -i 2018-16890
• generic web: the following only tells you whether a given server offers NTLM (a 401 response with a WWW-Authenticate: NTLM header); it does not test the client. Use it to inventory which servers or proxies your libcurl-based clients negotiate NTLM with:
curl -I https://example.com/ | grep -i NTLM
• c: in a libcurl source tree, review ntlm_decode_type2_target (lib/vauth/ntlm.c) and how target_info_offset and target_info_len are validated against the message size; the pre-fix code checked only the sum of offset and length, which can wrap in 32-bit arithmetic, and never checked the offset on its own.
The fix for CVE-2018-16890 is to upgrade libcurl to 7.64.0 or later, or to a distribution build that has backported the fix. If upgrading is not immediately possible, reduce exposure instead: restrict which hosts libcurl-based clients may negotiate NTLM with (egress filtering, proxy allow-lists), and do not enable CURLAUTH_NTLM, --ntlm or --proxy-ntlm against untrusted or internet-facing servers. A WAF in front of your own servers does not help here, because the malicious type-2 message comes from the server your client talks to, not from a client. If you maintain custom NTLM handling code, audit its validation of offset and length fields against the message size, including integer wrap-around in the sum. After upgrading, confirm the installed version with curl --version (or the package changelog where the fix was backported); if you have a test harness for the NTLM code path, a type-2 message whose target-info offset lies outside the message should now be rejected as a bad type-2 message rather than read past the buffer.
Upgrade to version 7.64.0 or later to fix the out-of-bounds read in NTLM type-2 message handling. Consult the official libcurl sources for upgrade instructions specific to your operating system and configuration.
CVE-2018-16890 is a vulnerability in libcurl 7.36.0 through 7.63.0 that lets a malicious NTLM server trigger a heap buffer out-of-bounds read, because the offset and length fields of the server's type-2 message were not validated properly.
You are affected if your software links libcurl 7.36.0 through 7.63.0 (without a backported fix) and uses NTLM authentication. Check your libcurl version and package changelog, and upgrade if necessary.
Upgrade to libcurl 7.64.0 or later to resolve this vulnerability. If immediate upgrading is not possible, restrict NTLM negotiation to trusted servers as an interim measure.
There is no current evidence of active exploitation campaigns targeting CVE-2018-16890, but the potential for exploitation exists.
Refer to the curl security advisory: https://curl.se/docs/CVE-2018-16890.html.