Buffer overflow in curl (Alpine package)

1) Buffer overflow

EUVDB-ID: #VU14691

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14618

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists on systems with a 32-bit size_t and that use more than 2 GB of memory for the password field due to a buffer overflow in Curl_ntlm_core_mk_nt_hash() in 'lib/curl_ntlm_core.c' when handling malicious input. A remote unauthenticated attacker can send a specially crafted NTLM authentication password, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

curl (Alpine package): 7.61.0-r0

External links

http://git.alpinelinux.org/aports/commit/?id=f822d334585d66a74e599d5b799790ab00261b3d
http://git.alpinelinux.org/aports/commit/?id=227246d48c90b038cf7c18b91c34b253457a3dc0
http://git.alpinelinux.org/aports/commit/?id=9866a098357a1e601edbcdbf94080a1ecd39858a
http://git.alpinelinux.org/aports/commit/?id=a64f50f2f36792ffa6bf4ca8fa4339d6d373f4f7
http://git.alpinelinux.org/aports/commit/?id=be16f8462ac404319cf0dcf6c6311e873fde118f
http://git.alpinelinux.org/aports/commit/?id=df67baba4917987405ef39567974697f7ff6c0ed

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.