Integer overflow in curl (Alpine package)

1) Integer overflow

EUVDB-ID: #VU15671

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16839

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in processing the Curl_auth_create_plain_message name and password when handling malicious input. A remote unauthenticated attacker can send specially crafted SASL password data, trigger memory corruption and execute arbitrary code with elevated privileges. The affected function can be invoked using POP3(S), IMAP(S), or SMTP(S).

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

curl (Alpine package): 7.61.1-r0 - 7.61.1-r3

curl (Alpine package):

External links

http://git.alpinelinux.org/aports/commit/?id=9a196002b469339f47b2d93361aced8256aa4dce
http://git.alpinelinux.org/aports/commit/?id=8cf4c8d1fc7898a590a8df46d139785baba40576
http://git.alpinelinux.org/aports/commit/?id=45a890319c9dae0764956a1cde0508ea76d5a6d4
http://git.alpinelinux.org/aports/commit/?id=73c7cfb12e9bf26f050b7ad2b5975c7b8c737f76
http://git.alpinelinux.org/aports/commit/?id=d84961d2c2bf448d72bbe0cbcc3d08d37bb88dab
http://git.alpinelinux.org/aports/commit/?id=e18d21d9de556e0b240ee9927d91fce46d8e31ba
http://git.alpinelinux.org/aports/commit/?id=8776c8cc044196f8f87d6fbc51e38dfa0f5aa438

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.