svn commit: r479049 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Wed Sep 5 23:30:18 UTC 2018
Author: sunpoet
Date: Wed Sep 5 23:30:16 2018
New Revision: 479049
URL: https://svnweb.freebsd.org/changeset/ports/479049
Log:
Document curl vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Sep 5 23:03:55 2018 (r479048)
+++ head/security/vuxml/vuln.xml Wed Sep 5 23:30:16 2018 (r479049)
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f4d638b9-e6e5-4dbe-8c70-571dbc116174">
+ <topic>curl -- password overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.15.4</ge><lt>7.61.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>curl security problems:</p>
+ <blockquote cite="https://curl.haxx.se/docs/security.html">
+ <p>CVE-2018-14618: NTLM password overflow via integer overflow</p>
+ <p>The internal function Curl_ntlm_core_mk_nt_hash multiplies the length
+ of the password by two (SUM) to figure out how large temporary storage
+ area to allocate from the heap.</p>
+ <p>The length value is then subsequently used to iterate over the
+ password and generate output into the allocated storage buffer. On
+ systems with a 32 bit size_t, the math to calculate SUM triggers an
+ integer overflow when the password length exceeds 2GB (2^31 bytes).
+ This integer overflow usually causes a very small buffer to actually
+ get allocated instead of the intended very huge one, making the use of
+ that buffer end up in a heap buffer overflow.</p>
+ <p>This bug is almost identical to CVE-2017-8816.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/security.html</url>
+ <url>https://curl.haxx.se/docs/CVE-2018-14618.html</url>
+ <cvename>CVE-2018-14618</cvename>
+ </references>
+ <dates>
+ <discovery>2018-09-05</discovery>
+ <entry>2018-09-05</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c96d416a-eae7-4d5d-bc84-40deca9329fb">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list