Allele Security Alert
ASA-2019-00041
Identifier(s)
ASA-2019-00041, CVE-2018-16890
Title
NTLM type-2 out-of-bounds buffer read
Vendor(s)
the Curl project
Product(s)
libcurl
Affected version(s)
libcurl 7.36.0 to and including 7.63.0
Fixed version(s)
libcurl >= 7.64.0
Proof of concept
Unknown
Description
libcurl contains a heap buffer out-of-bounds read flaw.
The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability.
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Technical details
Unknown
Credits
Wenxiang Qian (Tencent Blade Team)
Reference(s)
curl – NTLM type-2 out-of-bounds buffer read – CVE-2018-16890
https://curl.haxx.se/docs/CVE-2018-16890.html
1672902 – CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1672902
Bug 1670252 (CVE-2018-16890) – CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read
https://bugzilla.redhat.com/show_bug.cgi?id=1670252
[SECURITY ADVISORY] curl: NTLM type-2 out-of-bounds buffer read
https://seclists.org/oss-sec/2019/q1/109
ntlm: Added support for NTLMv2
https://github.com/curl/curl/commit/86724581b6c
CVE-2018-16890
https://security-tracker.debian.org/tracker/CVE-2018-16890
CVE-2018-16890 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16890.html
CVE-2018-16890 | SUSE
https://www.suse.com/pt-br/security/cve/CVE-2018-16890/
USN-3882-1: curl vulnerabilities | Ubuntu security notices
https://usn.ubuntu.com/3882-1/
拒绝超长函数,从两个curl远程漏洞说起https://security.tencent.com/index.php/blog/msg/129
CVE-2018-16890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890
CVE-2018-16890
https://nvd.nist.gov/vuln/detail/CVE-2018-16890
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 18, 2019