CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites. La función que gestiona los mensajes entrantes NTLM de tipo 2 ("lib/vauth/ntlm.c:ntlm_decode_type2_target") no valida los datos entrantes correctamente y está sujeta a una vulnerabilidad de desbordamiento de enteros. • https://github.com/michelleamesquita/CVE-2018-16890 http://www.securityfocus.com/bid/106947 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-16890.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.netapp.com/advisory/ntap-20190315-0001 https://sup • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 19%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2019-3822.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://security.n • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18605
https://notcve.org/view.php?id=CVE-2018-18605
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema de sobrelectura de búfer basada en memoria dinámica (heap) en la función sec_merge_hash_lookup en merge.c en la biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal y como se distribuye en GNU Binutils 2.31. Esto se debe a que _bfd_add_merge_section gestiona de manera incorrecta las fusiones de sección cuando el tamaño no es un múltiplo de entsize. Un ELF especialmente manipulado permite que atacantes remotos provoquen una denegación de servicio (DoS), tal y como queda demostrado con Id. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23804 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 https://usn.ubuntu.com/4336-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18606
https://notcve.org/view.php?id=CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema en la función merge_strings en merge.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay una desreferencia de puntero NULL en _bfd_add_merge_section al intentar fusionar secciones con grandes alineaciones. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23806 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc https://usn.ubuntu.com/4336-1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18607
https://notcve.org/view.php?id=CVE-2018-18607
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema en elf_link_input_bfd en elflink.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay una desreferencia de puntero NULL en elf_link_input_bfd al emplearse para encontrar símbolos STT_TLS sin ninguna sección TLS. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23805 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=102def4da826b3d9e169741421e5e67e8731909a https://usn.ubuntu.com/4336-1 • CWE-476: NULL Pointer Dereference •