Computer vulnerabilities of curl

computer vulnerability CVE-2019-3823

libcurl: out-of-bounds memory reading via SMTP End-of-Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2019-3823, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28445.

vulnerability bulletin CVE-2018-16890

libcurl: out-of-bounds memory reading via NTLM Type-2

Synthesis of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, CVE-2018-16890, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, STORM-2019-002, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28443.

vulnerability CVE-2018-16842

libcurl: out-of-bounds memory reading via Warning Message

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Warning Message of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16842, DLA-1568-1, DSA-4331-1, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3699-1, openSUSE-SU-2018:3706-1, SSA:2018-304-01, STORM-2019-002, SUSE-SU-2018:3624-1, SUSE-SU-2018:3681-1, SUSE-SU-2019:0339-1, USN-3805-1, USN-3805-2, VIGILANCE-VUL-27650.

computer vulnerability note CVE-2018-16840

libcurl: use after free via Curl_close

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Curl_close() of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16840, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3699-1, openSUSE-SU-2018:3706-1, SSA:2018-304-01, SUSE-SU-2018:3624-1, SUSE-SU-2018:3681-1, SUSE-SU-2019:0339-1, USN-3805-1, VIGILANCE-VUL-27649.

computer vulnerability bulletin CVE-2018-16839

libcurl: buffer overflow via Curl_auth_create_plain_message

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Curl_auth_create_plain_message() of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 31/10/2018.
Identifiers: bulletinoct2018, CVE-2018-16839, DLA-1568-1, DSA-4331-1, FEDORA-2018-298a3d2923, FEDORA-2018-69bac0f51c, FEDORA-2018-7785911c9e, FEDORA-2018-fdc4ca8675, openSUSE-SU-2018:3706-1, SSA:2018-304-01, STORM-2019-002, SUSE-SU-2018:3624-1, SUSE-SU-2019:0339-1, SUSE-SU-2019:0996-1, USN-3805-1, VIGILANCE-VUL-27648.

vulnerability bulletin CVE-2018-14618

curl: integer overflow via Curl_ntlm_core_mk_nt_hash

Synthesis of the vulnerability

An attacker can generate an integer overflow via Curl_ntlm_core_mk_nt_hash() of curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 05/09/2018.
Identifiers: bulletinoct2018, CVE-2018-14618, DLA-1498-1, DSA-4286-1, FEDORA-2018-111044d435, FEDORA-2018-ba443bcb6d, ibm10743283, openSUSE-SU-2018:2731-1, openSUSE-SU-2018:2736-1, RHSA-2018:3558-01, SSA:2018-249-01, SUSE-SU-2018:2714-1, SUSE-SU-2018:2715-1, SUSE-SU-2018:2717-1, USN-3765-1, USN-3765-2, VIGILANCE-VUL-27143.

computer vulnerability CVE-2018-0500

curl: buffer overflow via SMTP Send

Synthesis of the vulnerability

An attacker can generate a buffer overflow via SMTP Send of curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Fedora, openSUSE Leap, Solaris, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 11/07/2018.
Identifiers: bulletinjul2018, CVE-2018-0500, FEDORA-2018-57779d51c1, openSUSE-SU-2018:2431-1, SSA:2018-192-02, SUSE-SU-2018:2423-1, USN-3710-1, VIGILANCE-VUL-26685.

vulnerability announcement CVE-2018-1000300

curl: buffer overflow via FTP Shutdown Response

Synthesis of the vulnerability

An attacker can generate a buffer overflow via FTP Shutdown Response of curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 16/05/2018.
Identifiers: cpujan2019, cpuoct2018, CVE-2018-1000300, FEDORA-2018-9dc7338487, FEDORA-2018-fa01002d7e, openSUSE-SU-2018:1624-1, SSA:2018-136-01, STORM-2019-002, USN-3648-1, VIGILANCE-VUL-26142.

vulnerability alert CVE-2018-1000301

curl: out-of-bounds memory reading via RTSP

Synthesis of the vulnerability

An attacker can force a read at an invalid address via RTSP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: OpenOffice, curl, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 16/05/2018.
Identifiers: cpujan2019, cpuoct2018, CVE-2018-1000301, DLA-1379-1, DSA-4202-1, FEDORA-2018-9dc7338487, FEDORA-2018-fa01002d7e, ibm10743283, openSUSE-SU-2018:1344-1, openSUSE-SU-2018:1624-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-136-01, SUSE-SU-2018:1327-1, SUSE-SU-2018:1478-1, USN-3648-1, VIGILANCE-VUL-26141.

computer vulnerability announcement CVE-2018-1000122

curl: out-of-bounds memory reading via RTSP RTP

Synthesis of the vulnerability

An attacker can force a read at an invalid address via RTSP RTP of curl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, OpenOffice, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, cpujan2019, cpuoct2018, CVE-2018-1000122, DLA-1309-1, DSA-4136-1, FEDORA-2018-66c96e0024, FEDORA-2018-8877b4ccac, JSA10874, openSUSE-SU-2018:0794-1, RHSA-2018:3157-01, RHSA-2018:3558-01, SSA:2018-074-01, STORM-2019-002, SUSE-SU-2018:1323-1, USN-3598-1, USN-3598-2, VIGILANCE-VUL-25547.
