svn commit: r479049 - head/security/vuxml

Sunpoet Po-Chuan Hsieh sunpoet at FreeBSD.org
Wed Sep 5 23:30:18 UTC 2018 

Author: sunpoet
Date: Wed Sep  5 23:30:16 2018
New Revision: 479049
URL: https://svnweb.freebsd.org/changeset/ports/479049

Log:
  Document curl vulnerability

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Sep  5 23:03:55 2018	(r479048)
+++ head/security/vuxml/vuln.xml	Wed Sep  5 23:30:16 2018	(r479049)
@@ -58,6 +58,44 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f4d638b9-e6e5-4dbe-8c70-571dbc116174">
+    <topic>curl -- password overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>curl</name>
+	<range><ge>7.15.4</ge><lt>7.61.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>curl security problems:</p>
+	<blockquote cite="https://curl.haxx.se/docs/security.html">
+	  <p>CVE-2018-14618: NTLM password overflow via integer overflow</p>
+	  <p>The internal function Curl_ntlm_core_mk_nt_hash multiplies the length
+	    of the password by two (SUM) to figure out how large temporary storage
+	    area to allocate from the heap.</p>
+	  <p>The length value is then subsequently used to iterate over the
+	    password and generate output into the allocated storage buffer. On
+	    systems with a 32 bit size_t, the math to calculate SUM triggers an
+	    integer overflow when the password length exceeds 2GB (2^31 bytes).
+	    This integer overflow usually causes a very small buffer to actually
+	    get allocated instead of the intended very huge one, making the use of
+	    that buffer end up in a heap buffer overflow.</p>
+	  <p>This bug is almost identical to CVE-2017-8816.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://curl.haxx.se/docs/security.html</url>
+      <url>https://curl.haxx.se/docs/CVE-2018-14618.html</url>
+      <cvename>CVE-2018-14618</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-05</discovery>
+      <entry>2018-09-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c96d416a-eae7-4d5d-bc84-40deca9329fb">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-all mailing list