Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian:9. See How to fix? for Debian:9 relevant fixed versions and status.

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.

(This bug is almost identical to CVE-2017-8816.)

Remediation

Upgrade Debian:9 curl to version 7.52.1-5+deb9u7 or higher.
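The SUM wrap described above, modelled with a 32-bit unsigned type so it reproduces on a 64-bit host, next to a bounds-checked version. This is an added example, not curl's code or its actual fix; `size32_t`, `sum_unchecked`, `sum_checked` and `expand_two_bytes` are hypothetical names, and the two-bytes-per-input-byte expansion is an assumed stand-in for the temporary buffer the advisory mentions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for a 32-bit size_t. */
typedef uint32_t size32_t;

/* Unchecked SUM: len * 2 is reduced modulo 2^32, so a huge len yields a tiny size. */
size32_t sum_unchecked(size32_t len)
{
    return (size32_t)(len * 2u);
}

/* Checked SUM: returns 0 and stores len * 2, or -1 if the product would wrap. */
int sum_checked(size32_t len, size32_t *sum)
{
    if (len > UINT32_MAX / 2u)
        return -1;
    *sum = len * 2u;
    return 0;
}

/* Hardened expansion on the host's real size_t: each input byte becomes two
 * output bytes (the byte, then zero). Caller frees *out. Returns 0 on success. */
int expand_two_bytes(const unsigned char *pw, size_t len,
                     unsigned char **out, size_t *outlen)
{
    if (len > SIZE_MAX / 2)
        return -1;                      /* refuse instead of under-allocating */
    unsigned char *buf = malloc(len ? len * 2 : 1);
    if (!buf)
        return -1;
    for (size_t i = 0; i < len; i++) {  /* writes exactly len * 2 bytes */
        buf[2 * i] = pw[i];
        buf[2 * i + 1] = 0;
    }
    *out = buf;
    *outlen = len * 2;
    return 0;
}

int main(void)
{
    size32_t len = 0x80000008u;         /* constructed length: 2^31 + 8 bytes */
    printf("len=%u unchecked SUM=%u\n", (unsigned)len, (unsigned)sum_unchecked(len));
    return 0;
}
```

With the constructed length 2^31 + 8, the unchecked SUM is 16 bytes while the copy loop would still be driven by the original length, which is the mismatch that produces the heap overflow.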