CURL-CVE-2017-8816
- Source
- https://curl.se/docs/CVE-2017-8816.html
- Import Source
- https://curl.se/docs/CURL-CVE-2017-8816.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CURL-CVE-2017-8816
- Aliases
- Published
- 2017-11-29T08:00:00Z
- Modified
- 2026-05-29T05:40:52.270741Z
- Summary
- NTLM buffer overflow via integer overflow
- Details
-
libcurl contains a buffer overrun flaw in the NTLM authentication code.
The internal function
Curl_ntlm_core_mk_ntlmv2_hashsums up the lengths of the username + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap.The SUM value is subsequently used to iterate over the input and generate output into the storage buffer. On systems with a 32-bit
size_t, the math to calculate SIZE triggers an integer overflow when the combined lengths of the username and password is larger than 2GB (2^31 bytes). This integer overflow usually causes a tiny buffer to actually get allocated instead of the intended huge one, making the use of that buffer end up in a buffer overrun. - Database specific
{ "www": "https://curl.se/docs/CVE-2017-8816.html", "CWE": { "id": "CWE-131", "desc": "Incorrect Calculation of Buffer Size" }, "package": "curl", "last_affected": "7.56.1", "affects": "both", "URL": "https://curl.se/docs/CVE-2017-8816.json", "severity": "Medium" }- References
-
- Credits
-
-
- Alex Nichols - FINDER
-
- Daniel Stenberg - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.36.0Fixed7.57.0
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
Other
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_42_1
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"143307946170380394322496725193537866435",
"8611769998002858735245279477916014849",
"181037343260235494689687892884785204211",
"7022758903306816365276250846503787395",
"139373938993082156567472481065001440990",
"228025209488953948009283304126943692797",
"197752229475960764220277212291524517432",
"325462468753846887109300433415764792342",
"329445625880153167605977306647777408676"
],
"threshold": 0.9
},
"id": "CURL-CVE-2017-8816-1c95057a",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/curl/curl.git/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc",
"target": {
"file": "lib/curl_ntlm_core.c"
}
},
{
"signature_type": "Function",
"digest": {
"length": 469.0,
"function_hash": "55252544315279078705907572270486622253"
},
"id": "CURL-CVE-2017-8816-bca56262",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/curl/curl.git/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc",
"target": {
"function": "Curl_ntlm_core_mk_ntlmv2_hash",
"file": "lib/curl_ntlm_core.c"
}
}
]
source
"https://curl.se/docs/CURL-CVE-2017-8816.json"
vanir_signatures_modified
"2026-05-29T05:40:52Z"