Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "323405508741544077634728860040609514286", "223299084025646397460911356647096920855", "237287603532771469400165005710548925177", "294262302604077010113878498613345104589" ] }, "signature_type": "Line", "source": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5", "target": { "file": "lib/vauth/cleartext.c" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2018-16839-226b7354" }, { "digest": { "function_hash": "307941837594799485192212106034451078774", "length": 711.0 }, "signature_type": "Function", "source": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5", "target": { "file": "lib/vauth/cleartext.c", "function": "Curl_auth_create_plain_message" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2018-16839-98aef08a" } ] }