Source: curl
Version: 7.61.0-1
Severity: serious
Tags: security upstream
Justification: otherwise regression from stable for security fix
Forwarded: https://github.com/curl/curl/issues/2756
Control: found -1 7.52.1-1
Control: fixed -1 7.52.1-5+deb9u7

Hi,

The following vulnerability was published for curl. Justification for
the severity is that it would otherwise imply a regression from
stable for a security fix.

CVE-2018-14618[0]:
| curl before version 7.61.1 is vulnerable to a buffer overrun in the
| NTLM authentication code. The internal function
| Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two
| (SUM) to figure out how large temporary storage area to allocate from
| the heap. The length value is then subsequently used to iterate over
| the password and generate output into the allocated storage buffer. On
| systems with a 32 bit size_t, the math to calculate SUM triggers an
| integer overflow when the password length exceeds 2GB (2^31 bytes).
| This integer overflow usually causes a very small buffer to actually
| get allocated instead of the intended very huge one, making the use of
| that buffer end up in a heap buffer overflow. (This bug is almost
| identical to CVE-2017-8816.)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
[1] https://curl.haxx.se/docs/CVE-2018-14618.html
[2] https://github.com/curl/curl/issues/2756
[3] https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
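
The length-doubling overflow from the CVE text, next to a checked form, as an added example that is not part of the original report and is not curl's own code. It assumes uint32_t as a stand-in for a 32-bit size_t; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: uint32_t stands in for a 32-bit size_t so the wrap
   reproduces on a 64-bit host. All names here are hypothetical. */
typedef uint32_t size32_t;

/* Unchecked sizing as the advisory describes it: len * 2 wraps mod 2^32. */
size32_t alloc_size_unchecked(size32_t len)
{
  return (size32_t)(len * 2u);
}

/* Checked sizing: 0 and *out on success, -1 if doubling would overflow. */
int alloc_size_checked(size32_t len, size32_t *out)
{
  if(len > UINT32_MAX / 2u)
    return -1;
  *out = len * 2u;
  return 0;
}

/* Write two output bytes per password byte into a buffer sized by the
   checked helper. Returns NULL rather than under-allocating. Caller frees. */
unsigned char *expand_password(const char *pw, size_t len, size_t *outlen)
{
  size32_t need;
  unsigned char *buf;
  size_t i;
  if(len > UINT32_MAX || alloc_size_checked((size32_t)len, &need) != 0)
    return NULL;
  buf = malloc(need ? need : 1);
  if(!buf)
    return NULL;
  for(i = 0; i < len; i++) {
    buf[2 * i] = (unsigned char)pw[i];
    buf[2 * i + 1] = 0;
  }
  *outlen = need;
  return buf;
}

int main(void)
{
  /* constructed length just over 2^31: the unchecked size comes out as 2 */
  printf("%lu\n", (unsigned long)alloc_size_unchecked(0x80000001u));
  return 0;
}
```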
