Arch Linux Security Advisory ASA-201811-5

Severity: High
Date : 2018-11-06
CVE-ID : CVE-2018-16840
Package : libcurl-compat
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-800

Summary

The package libcurl-compat before version 7.62.0-1 is vulnerable to
arbitrary code execution.

Resolution

Upgrade to 7.62.0-1.

pacman -Syu “libcurl-compat>=7.62.0-1”

The problem has been fixed upstream in version 7.62.0.

Workaround

None.

Description

A heap use-after-free flaw was found in curl versions from 7.59.0
through 7.61.1 in the code related to closing an easy handle. When
closing and cleaning up an ‘easy’ handle in the Curl_close()
function, the library code first frees a struct (without nulling the
pointer) and might then subsequently erroneously write to a struct
field within that already freed struct.

Impact

A malicious remote server might be able to execute arbitrary commands
by closing the connection from a client using easy handlers.

References

https://curl.haxx.se/docs/CVE-2018-16840.html
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
https://security.archlinux.org/CVE-2018-16840