Platform: c
Component: curl
Fixed in: 7.64.1
CVE-2018-16890 describes a heap buffer overflow vulnerability affecting libcurl versions 7.36.0 through 7.64.0. This flaw arises from improper validation of incoming NTLM type-2 messages, allowing a malicious server to trigger an integer overflow. Successful exploitation could lead to a denial-of-service or potentially arbitrary code execution. A patch is available in version 7.64.0.
An attacker controlling the server could exploit this vulnerability by returning a crafted NTLM type-2 message that triggers an integer overflow within ntlm_decode_type2_target. The overflow results in an out-of-bounds buffer read, potentially allowing the attacker to read sensitive data from memory or even execute arbitrary code. The impact is particularly significant for applications that rely on libcurl for network communication and handle NTLM authentication. While the CVSS score is MEDIUM (5.4), the potential for code execution elevates the risk, especially in environments where libcurl is used to access sensitive data or interact with untrusted networks. Similar integer overflow vulnerabilities in other libraries have led to remote code execution, highlighting the severity of this issue.
CVE-2018-16890 was publicly disclosed on February 6, 2019. There is no indication of active exploitation campaigns targeting this vulnerability at the time of writing. No public proof-of-concept exploits are widely available, but the vulnerability's nature suggests that development of such exploits is possible. The EPSS score is likely LOW, reflecting the lack of public exploitation and available exploits.
The primary mitigation for CVE-2018-16890 is to upgrade to libcurl version 7.64.0 or later, which contains the fix. If upgrading is not immediately feasible, consider temporary workarounds such as restricting access to NTLM authentication or validating NTLM responses on the server side. Web application firewalls (WAFs) configured to inspect NTLM traffic could detect and block malicious requests. Monitor libcurl logs for unusual activity or errors related to NTLM authentication. After upgrading, confirm the fix by attempting to reproduce the vulnerability with a known malicious NTLM payload and verifying that the buffer overflow is no longer triggered.
Update to version 7.64.0 or later to fix the out-of-bounds read vulnerability in NTLM type-2 message handling. Check the official libcurl sources for specific upgrade instructions for your operating system and configuration.
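The following is an added illustration, not curl's own code, of the bound-check failure described above: the target-info length and offset are read from the type-2 message, and a check that sums them in 32-bit unsigned arithmetic can wrap, so an oversized offset slips past it, whereas the hardened form rejects an out-of-range offset before forming the sum. The field positions (40, 44, data at 48) follow the NTLM type-2 layout and are an assumption here, as is the constructed message builder used to exercise both checks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed NTLM type-2 layout: target-info length at byte 40 (2 bytes LE),
 * target-info offset at byte 44 (4 bytes LE), data block starts at byte 48. */
#define T2_HEADER_LEN 48u

static uint32_t rd16le(const unsigned char *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8);
}
static uint32_t rd32le(const unsigned char *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak bound check: off + len is summed in 32-bit unsigned arithmetic, so a
 * very large offset wraps the sum to a small value and the test passes. */
bool target_ok_weak(const unsigned char *t2, size_t t2len) {
  if (t2len < T2_HEADER_LEN) return false;
  uint32_t len = rd16le(&t2[40]), off = rd32le(&t2[44]);
  return !((off + len) > t2len || off < T2_HEADER_LEN);
}

/* Hardened check: reject an out-of-range offset before forming the sum, and
 * form the sum in a width that cannot wrap. */
bool target_ok_hardened(const unsigned char *t2, size_t t2len) {
  if (t2len < T2_HEADER_LEN) return false;
  uint32_t len = rd16le(&t2[40]), off = rd32le(&t2[44]);
  if (off < T2_HEADER_LEN || off > t2len) return false;
  return (uint64_t)off + len <= t2len;
}

/* Constructed 64-byte type-2 message with only the two fields set; returns
 * its length, or 0 if the buffer is too small. */
size_t build_type2(unsigned char *buf, size_t bufsz, uint16_t len, uint32_t off) {
  if (bufsz < 64) return 0;
  memset(buf, 0, 64);
  buf[40] = (unsigned char)len;         buf[41] = (unsigned char)(len >> 8);
  buf[44] = (unsigned char)off;         buf[45] = (unsigned char)(off >> 8);
  buf[46] = (unsigned char)(off >> 16); buf[47] = (unsigned char)(off >> 24);
  return 64;
}

/* Build the constructed message for (len, off) and run one of the two checks. */
bool check_case(uint16_t len, uint32_t off, bool hardened) {
  unsigned char m[64];
  size_t n = build_type2(m, sizeof m, len, off);
  return hardened ? target_ok_hardened(m, n) : target_ok_weak(m, n);
}
```

A regression test for the upgraded build should include an offset near UINT32_MAX, which the weak check accepts only because the sum wraps.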
CVE-2018-16890 is a vulnerability in libcurl versions 7.36.0–7.64.0 that allows a malicious NTLM server to trigger a heap buffer overflow due to improper data validation.
You are affected if your system uses libcurl versions 7.36.0 through 7.64.0 and handles NTLM authentication. Check your libcurl version and upgrade if necessary.
Upgrade to libcurl version 7.64.0 or later to resolve this vulnerability. Consider temporary workarounds if immediate upgrading is not possible.
There is no current evidence of active exploitation campaigns targeting CVE-2018-16890, but the potential for exploitation exists.
Refer to the libcurl security advisory: https://curl.se/security/advisories/CVE-2018-16890.