CVE-2018-16842 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
haxx	curl	7.14.1 ≤ 𝑥 ≤ 7.61.1
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
debian	debian_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

curl

bookworm	7.88.1-10+deb12u7 fixed
bookworm (security)	7.88.1-10+deb12u5 fixed
bullseye	7.74.0-1.3+deb11u13 fixed
bullseye (security)	7.74.0-1.3+deb11u11 fixed
sid	8.10.1-2 fixed
trixie	8.10.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

curl

bionic	Fixed 7.58.0-2ubuntu3.5 released
cosmic	Fixed 7.61.0-1ubuntu2.2 released
trusty	Fixed 7.35.0-1ubuntu2.19 released
xenial	Fixed 7.47.0-1ubuntu2.11 released

openSUSE / SLES Releases

openSUSE Product

Release

curl

suse enterprise desktop 15	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP1	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP3	7.37.0-37.31.1 fixed
suse enterprise sap 12 SP4	7.60.0-4.3.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP1	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP3	7.37.0-37.31.1 fixed
suse enterprise server 12 SP4	7.60.0-4.3.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-3.14.3 fixed
suse enterprise server 15 SP1	7.60.0-3.14.3 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl-devel

suse enterprise desktop 15	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP1	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 15	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP1	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 15	7.60.0-3.14.3 fixed
suse enterprise server 15 SP1	7.60.0-3.14.3 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl4

suse enterprise desktop 15	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP1	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP3	7.37.0-37.31.1 fixed
suse enterprise sap 12 SP4	7.60.0-4.3.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP1	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP3	7.37.0-37.31.1 fixed
suse enterprise server 12 SP4	7.60.0-4.3.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-3.14.3 fixed
suse enterprise server 15 SP1	7.60.0-3.14.3 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl4-32bit

suse enterprise desktop 15	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP1	7.60.0-3.14.3 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP3	7.37.0-37.31.1 fixed
suse enterprise sap 12 SP4	7.60.0-4.3.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP1	7.60.0-3.14.3 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP3	7.37.0-37.31.1 fixed
suse enterprise server 12 SP4	7.60.0-4.3.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-3.14.3 fixed
suse enterprise server 15 SP1	7.60.0-3.14.3 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

curl

RHEL 7

0:7.29.0-54.el7

fixed

libcurl

RHEL 7

0:7.29.0-54.el7

fixed

libcurl-devel

RHEL 7

0:7.29.0-54.el7

fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://www.securitytracker.com/id/1042014

https://access.redhat.com/errata/RHSA-2019:2181

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842

https://curl.haxx.se/docs/CVE-2018-16842.html

https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201903-03

https://usn.ubuntu.com/3805-1/

https://usn.ubuntu.com/3805-2/

https://www.debian.org/security/2018/dsa-4331

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

http://www.securitytracker.com/id/1042014

https://access.redhat.com/errata/RHSA-2019:2181

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842

https://curl.haxx.se/docs/CVE-2018-16842.html

https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201903-03

https://usn.ubuntu.com/3805-1/

https://usn.ubuntu.com/3805-2/

https://www.debian.org/security/2018/dsa-4331

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html