CURL-CVE-2018-16839

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2018-16839.html

Import Source

https://curl.se/docs/CURL-CVE-2018-16839.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2018-16839

Aliases

CVE-2018-16839

Published

2018-10-31T08:00:00Z

Modified

2026-05-21T06:00:27.917695246Z

Summary

SASL password overflow via integer overflow

Details

libcurl contains a buffer overrun in the SASL authentication code.

The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password are not too long, then calculates a buffer size to allocate.

On systems with a 32-bit size_t, the math to calculate the buffer size triggers an integer overflow when the username length exceeds 1GB and the password name length is close to 2GB in size. This integer overflow usually causes a tiny buffer to actually get allocated instead of the intended huge one, making the use of that buffer end up in a heap buffer overflow.

(This bug is similar to CVE-2018-14618.)

Database specific

{
    "CWE": {
        "id": "CWE-131",
        "desc": "Incorrect Calculation of Buffer Size"
    },
    "severity": "Low",
    "www": "https://curl.se/docs/CVE-2018-16839.html",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2018-16839.json",
    "package": "curl",
    "last_affected": "7.61.1"
}

References

Credits

- Harry Sintonen - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.33.0

Fixed

7.62.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

c56f9797e7feb7c2dc93bc389d4b85cc75220d77

Fixed

f3a24d7916b9173c69a3e0ee790102993833d6c5

Affected versions

7.*

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

Other

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_42_1

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

Database specific

source

"https://curl.se/docs/CURL-CVE-2018-16839.json"