2018-10-31
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Products | Ubuntu_linux, Debian_linux, Curl |
Type | Out-of-bounds Read (CWE-125) |
First patch | https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211 |
Relevant file/s | ./src/tool_msgs.c (modified, +1, -1) |
Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842
• https://curl.haxx.se/docs/CVE-2018-16842.html
• https://security.gentoo.org/glsa/201903-03
• https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
• http://www.securitytracker.com/id/1042014