Note:
This project will be discontinued after December 13, 2021. [more]
2018-10-31
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Products | Ubuntu_linux, Debian_linux, Curl |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch |
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5 |
Relevant file/s | ./lib/vauth/cleartext.c (modified, +1, -1) |
Links |
• https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
• https://usn.ubuntu.com/3805-1/ • https://curl.haxx.se/docs/CVE-2018-16839.html • https://security.gentoo.org/glsa/201903-03 • https://www.debian.org/security/2018/dsa-4331 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: