libcurl NTLM type-2 Messages Handling Function Heap Buffer Out-of-Bounds Read Vulnerability
A vulnerability in libcurl could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
The vulnerability exists in the NT LAN Manager (NTLM) ntlm_decode_type2_target function, defined in the lib/vauth/ntlm.c source code file of the affected software, and is due to improper handling of NTLM type-2 message data. An attacker could exploit the vulnerability by persuading a user to accept a bad length + offset combination in a type-2 message from a malicious or broken NTLM server. A successful exploit could cause a heap buffer out-of-bounds read, resulting in a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
The cURL Project has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium
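The length + offset check that the description above turns on, as an added example (not libcurl's code and not the project's patch). It assumes the MS-NLMP type-2 layout, with the target info length at byte 40 and its offset at byte 44, both little-endian; the function names and sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TI_FIELDS 40  /* TargetInfoFields: Len(2) MaxLen(2) BufferOffset(4) */
#define TI_MIN_OFF 48 /* payload must start after the fields parsed here */

static size_t rd_le(const unsigned char *p, int n) { /* little-endian read */
  size_t v = 0;
  while(n--) v = (v << 8) | p[n];
  return v;
}

/* Returns the target info length (0 if absent) and points *out at it,
   or -1 when length + offset do not fit inside msg[0..size). */
long type2_target_info(const unsigned char *msg, size_t size,
                       const unsigned char **out) {
  *out = NULL;
  if(size < TI_FIELDS + 8) return 0; /* too short to carry the fields */
  size_t len = rd_le(msg + TI_FIELDS, 2);
  size_t off = rd_le(msg + TI_FIELDS + 4, 4);
  if(len == 0) return 0;
  /* Subtraction form: never computes off + len, so it cannot wrap. */
  if(off < TI_MIN_OFF || off > size || len > size - off) return -1;
  *out = msg + off;
  return (long)len;
}

/* Constructed sample: a zeroed type-2 message of `size` bytes (<= 128)
   whose target info fields carry the given length and offset. */
long check_constructed(size_t size, unsigned len, unsigned long off) {
  unsigned char msg[128] = "NTLMSSP";
  const unsigned char *ti;
  if(size > sizeof(msg)) return -2;
  msg[8] = 2; /* message type 2 */
  msg[TI_FIELDS] = (unsigned char)(len & 0xff);
  msg[TI_FIELDS + 1] = (unsigned char)((len >> 8) & 0xff);
  for(int i = 0; i < 4; i++) msg[TI_FIELDS + 4 + i] = (unsigned char)((off >> (8 * i)) & 0xff);
  return type2_target_info(msg, size, &ti);
}

int main(void) {
  printf("in bounds:       %ld\n", check_constructed(64, 8, 56));
  printf("runs past end:   %ld\n", check_constructed(64, 16, 56));
  printf("offset past end: %ld\n", check_constructed(64, 8, 0x10000));
  printf("overlaps header: %ld\n", check_constructed(64, 8, 40));
  return 0;
}
```

A parser that copies `len` bytes from `msg + off` without this check reads heap memory beyond the received message, which is the out-of-bounds read condition the advisory describes.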