CVE-2018-16840 Information
Description
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then erroneously write to a struct field within that already freed struct.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securitytracker.com/id/1042013
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840
https://curl.haxx.se/docs/CVE-2018-16840.html
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
https://security.gentoo.org/glsa/201903-03
https://usn.ubuntu.com/3805-1/
cpe:2.3:a:haxx:curl::::::::
Attack Complexity: LOW
Privileges Required: NONE
User Interaction Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL