CVE-2018-16840
31.10.2018, 18:29
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.59.0 ≤ 𝑥 < 7.62.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4-32bit |
|
Common Weakness Enumeration
References