CVE-2018-14618: NTLM buffer overflow via integer overflow
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | zhao.shuai |
Bug Description
Brief Description
-----------------
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_
Severity
--------
Major: System/Feature is usable but degraded
Steps to Reproduce
------------------
Affected versions: libcurl 7.36.0 to and including 7.56.1
Not affected versions: libcurl < 7.36.0 and >= 7.57.0
Detailed description path
------------------
https:/
https:/
CVE References
Changed in starlingx:
importance: Undecided → High

Changed in starlingx:
assignee: nobody → zhao.shuai (zhao.shuai.neusoft)
status: New → In Progress

Changed in starlingx:
assignee: zhao.shuai (zhao.shuai.neusoft) → zhao.shuai (zhao.shuai)
information type: Private Security → Public Security
This meets the CVE policy for providing a fix to stx.2.0 as well as master.