Platform: curl
Component: curl
Fixed in: 7.61.2
CVE-2018-14618 describes a buffer overflow vulnerability affecting versions 7.61.0 through 7.61.1 of cURL. This flaw stems from an integer overflow within the NTLM authentication code, potentially allowing an attacker to crash the application or, in more severe cases, execute arbitrary code. A fix is available in cURL version 7.61.2, and users are strongly advised to upgrade.
The vulnerability lies in the Curl_ntlm_core_mk_nt_hash function, which calculates the size of a temporary buffer used during NTLM authentication. An attacker can trigger an integer overflow by providing a password longer than 2GB (2^31 bytes) on 32-bit systems. This overflow results in an undersized buffer being allocated, leading to a write beyond the allocated memory when the password is processed. Successful exploitation could lead to a denial-of-service condition by crashing the cURL process. While direct code execution is less likely, the potential for memory corruption raises concerns about more complex exploitation scenarios, particularly in environments where cURL is integrated with other sensitive components. Similar integer overflow vulnerabilities have historically been exploited to achieve arbitrary code execution.
CVE-2018-14618 was publicly disclosed on September 5, 2018. There is no indication of active exploitation campaigns targeting this vulnerability at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are known to exist, demonstrating the feasibility of triggering the buffer overflow. The CVSS score of 7.5 (HIGH) reflects the potential for significant impact.
Systems relying on cURL for network communication, particularly those handling user-supplied passwords or interacting with servers requiring NTLM authentication, are at risk. Applications embedding cURL within their code, such as scripting languages or build tools, are also vulnerable. Shared hosting environments where multiple users share the same cURL installation are especially susceptible.
• linux / server:
journalctl -g "curl: libcurl: buffer overflow"
• windows / supply-chain:
Get-Process curl | Where-Object {$_.WorkingSet64 -gt 1GB} # Check for unusually high memory usage
• generic web:
curl -v https://example.com/ 2>&1 | grep -i 'NTLM' # Check for NTLM authentication usage (verbose output goes to stderr)
The primary mitigation is to upgrade to cURL version 7.61.2 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Disabling NTLM authentication entirely, if possible, is a strong mitigation. Alternatively, implement strict input validation on the password length before passing it to the NTLM authentication functions. Network firewalls or proxy servers can be configured to block connections using NTLM authentication. Monitor system logs for unusual activity related to cURL, such as crashes or unexpected network connections. No specific Sigma or YARA rules are readily available for this vulnerability, but monitoring for memory corruption patterns in cURL processes could be beneficial.
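The size calculation described above and the password-length validation suggested as a workaround, shown as an added C example (not curl's own code). It models a 32-bit size_t with uint32_t so the wrap is visible on a 64-bit host; the doubling of the password length follows curl's advisory, and the function names and the 256-byte cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not curl source. size_t on a 32-bit target is modelled
 * with uint32_t so the wrap is reproducible on a 64-bit build host. */
typedef uint32_t size32_t;

/* Unchecked sizing: the NT hash step needs 2 bytes per password byte
 * (UTF-16LE expansion). For len >= 2^31 the product wraps modulo 2^32. */
static size32_t nt_buf_size_unchecked(size32_t len)
{
    return (size32_t)(len * 2u);
}

/* Checked sizing: reject any length whose doubled size cannot be
 * represented. Returns 0 and stores the size, or -1 on rejection. */
static int nt_buf_size_checked(size32_t len, size32_t *out)
{
    if (len > UINT32_MAX / 2u)
        return -1;
    *out = len * 2u;
    return 0;
}

/* Caller-side workaround: accept a password only if its NUL terminator
 * appears within cap bytes. The scan is bounded, so it never walks a
 * multi-gigabyte string. cap is a policy value chosen by the caller. */
static int password_len_ok(const char *pw, size_t cap)
{
    for (size_t i = 0; i <= cap; i++)
        if (pw[i] == '\0')
            return 1;
    return 0;
}

int main(void)
{
    size32_t len = 0x80000001u; /* constructed: just over 2^31 bytes */
    size32_t need;
    printf("unchecked: %u-byte buffer for %u input bytes\n",
           (unsigned)nt_buf_size_unchecked(len), (unsigned)len);
    printf("checked:   %s\n",
           nt_buf_size_checked(len, &need) ? "rejected" : "accepted");
    printf("caller cap of 256: %s\n",
           password_len_ok("example-password", 256) ? "ok" : "too long");
    return 0;
}
```

The unchecked path reports a 2-byte buffer for a password of just over 2^31 bytes, which is the undersized allocation the description refers to; the checked path refuses the same length.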
Upgrade to version 7.61.2 or later to mitigate the buffer overflow risk. Check the official cURL sources for upgrade instructions specific to your operating system and configuration.
CVE-2018-14618 is a buffer overflow vulnerability in cURL versions 7.61.0 through 7.61.1, arising from an integer overflow during NTLM authentication. This can lead to denial of service or potential code execution.
You are affected if you are using cURL versions 7.61.0 or 7.61.1. Check your cURL version and upgrade if necessary.
Upgrade to cURL version 7.61.2 or later to resolve the vulnerability. If upgrading is not possible, consider disabling NTLM authentication or implementing input validation.
There is no current evidence of active exploitation campaigns targeting CVE-2018-14618, but public proof-of-concept exploits exist.
Refer to the cURL security advisory: https://curl.se/security/CVE-2018-14618.html