Vulnerability Details CVE-2017-8816
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://security.cucumberlinux.com/security/details.php?id=161
- http://www.securityfocus.com/bid/101998
- http://www.securitytracker.com/id/1039896
- http://www.securitytracker.com/id/1040608
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-12e7.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
- http://security.cucumberlinux.com/security/details.php?id=161
- http://www.securityfocus.com/bid/101998
- http://www.securitytracker.com/id/1039896
- http://www.securitytracker.com/id/1040608
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-12e7.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
Products affected by CVE-2017-8816
-
cpe:2.3:a:haxx:curl:7.37.0
-
cpe:2.3:a:haxx:curl:7.37.1
-
cpe:2.3:a:haxx:curl:7.38.0
-
cpe:2.3:a:haxx:curl:7.39.0
-
cpe:2.3:a:haxx:curl:7.40.0
-
cpe:2.3:a:haxx:curl:7.41.0
-
cpe:2.3:a:haxx:curl:7.42.0
-
cpe:2.3:a:haxx:curl:7.42.1
-
cpe:2.3:a:haxx:curl:7.43.0
-
cpe:2.3:a:haxx:curl:7.44.0
-
cpe:2.3:a:haxx:curl:7.45.0
-
cpe:2.3:a:haxx:curl:7.46.0
-
cpe:2.3:a:haxx:curl:7.47.0
-
cpe:2.3:a:haxx:curl:7.47.1
-
cpe:2.3:a:haxx:curl:7.48.0
-
cpe:2.3:a:haxx:curl:7.49.0
-
cpe:2.3:a:haxx:curl:7.49.1
-
cpe:2.3:a:haxx:curl:7.50.0
-
cpe:2.3:a:haxx:curl:7.50.1
-
cpe:2.3:a:haxx:curl:7.50.2
-
cpe:2.3:a:haxx:curl:7.50.3
-
cpe:2.3:a:haxx:curl:7.51.0
-
cpe:2.3:a:haxx:curl:7.52.0
-
cpe:2.3:a:haxx:curl:7.52.1
-
cpe:2.3:a:haxx:curl:7.53.0
-
cpe:2.3:a:haxx:curl:7.53.1
-
cpe:2.3:a:haxx:curl:7.54.0
-
cpe:2.3:a:haxx:curl:7.54.1
-
cpe:2.3:a:haxx:curl:7.55.0
-
cpe:2.3:a:haxx:curl:7.55.1
-
cpe:2.3:a:haxx:curl:7.56.0
-
cpe:2.3:a:haxx:curl:7.56.1
-
cpe:2.3:a:haxx:libcurl:7.36.0
-
cpe:2.3:a:haxx:libcurl:7.37.0
-
cpe:2.3:a:haxx:libcurl:7.37.1
-
cpe:2.3:a:haxx:libcurl:7.38.0
-
cpe:2.3:a:haxx:libcurl:7.39
-
cpe:2.3:a:haxx:libcurl:7.39.0
-
cpe:2.3:a:haxx:libcurl:7.40.0
-
cpe:2.3:a:haxx:libcurl:7.41.0
-
cpe:2.3:a:haxx:libcurl:7.42
-
cpe:2.3:a:haxx:libcurl:7.42.0
-
cpe:2.3:a:haxx:libcurl:7.42.1
-
cpe:2.3:a:haxx:libcurl:7.43.0
-
cpe:2.3:a:haxx:libcurl:7.44.0
-
cpe:2.3:a:haxx:libcurl:7.45.0
-
cpe:2.3:a:haxx:libcurl:7.46.0
-
cpe:2.3:a:haxx:libcurl:7.47.0
-
cpe:2.3:a:haxx:libcurl:7.47.1
-
cpe:2.3:a:haxx:libcurl:7.48.0
-
cpe:2.3:a:haxx:libcurl:7.49.0
-
cpe:2.3:a:haxx:libcurl:7.49.1
-
cpe:2.3:a:haxx:libcurl:7.50.0
-
cpe:2.3:a:haxx:libcurl:7.50.1
-
cpe:2.3:a:haxx:libcurl:7.50.2
-
cpe:2.3:a:haxx:libcurl:7.50.3
-
cpe:2.3:a:haxx:libcurl:7.51.0
-
cpe:2.3:a:haxx:libcurl:7.52.0
-
cpe:2.3:a:haxx:libcurl:7.52.1
-
cpe:2.3:a:haxx:libcurl:7.53.0
-
cpe:2.3:a:haxx:libcurl:7.53.1
-
cpe:2.3:a:haxx:libcurl:7.54.0
-
cpe:2.3:a:haxx:libcurl:7.54.1
-
cpe:2.3:a:haxx:libcurl:7.55.0
-
cpe:2.3:a:haxx:libcurl:7.55.1
-
cpe:2.3:a:haxx:libcurl:7.56.0
-
cpe:2.3:a:haxx:libcurl:7.56.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0