Curl: Vulnerabilities fixed in Version 7.62.0

IDs: 
CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
Keywords: 
curl, SASL
Description: 

Curl released version 7.62.0 fixing three vulnerabilities [1].

Airlock WAF is not affected.

Details:

  • CVE-2018-16839 - SASL password overflow via integer overflow
    Affects only protocols which are disabled on Airlock WAF.
  • CVE-2018-16840 - use-after-free in handle close
    Airlock WAF only uses curl in a way in which this use-after-free problem cannot occur.
  • CVE-2018-16842 - warning message out-of-buffer read
    Only affects the curl command-line tool. Not relevant for Airlock WAF because the tool is only executed in trusted environments.
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required