DATABASE RESOURCES PRICING ABOUT US

{"id": "FEDORA:759B2649E501", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-8.fc28", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "published": "2018-11-08T02:20:51", "modified": "2018-11-08T02:20:51", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CY3FMTULEN5U4BHBA4JUEBUSZRCLNHJX/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "immutableFields": [], "lastseen": "2021-07-28T14:46:50", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2018-1112", "ALAS-2019-1148", "ALAS-2019-1151", "ALAS2-2018-1029", "ALAS2-2018-1052", "ALAS2-2018-1135", "ALAS2-2019-1139", "ALAS2-2019-1162"]}, {"type": "archlinux", "idList": ["ASA-201805-13", "ASA-201805-14", "ASA-201805-15", "ASA-201805-16", "ASA-201805-17", "ASA-201805-18", "ASA-201807-10", "ASA-201807-5", "ASA-201807-6", "ASA-201807-7", "ASA-201807-8", "ASA-201807-9", "ASA-201811-4", "ASA-201811-5", "ASA-201811-6", "ASA-201811-7", "ASA-201811-8", "ASA-201811-9"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2018:3157", "CESA-2019:1880", "CESA-2019:2181"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:7D5B2783B5DBD6FBD3B5B832351DF6B3", "CFOUNDRY:97EB3379D0DD4B152E47A9C87B3EEA3D", "CFOUNDRY:DD23A5B6758E6355A1168BA51E212098"]}, {"type": "cve", "idList": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1379-1:F3CBE", "DEBIAN:DLA-1498-1:1ACDF", "DEBIAN:DLA-1568-1:3204E", "DEBIAN:DLA-1568-1:BCC8A", "DEBIAN:DSA-4202-1:CF8D8", "DEBIAN:DSA-4286-1:21112", "DEBIAN:DSA-4331-1:5BA4B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-0500", "DEBIANCVE:CVE-2018-1000300", "DEBIANCVE:CVE-2018-1000301", "DEBIANCVE:CVE-2018-14618", "DEBIANCVE:CVE-2018-16839", "DEBIANCVE:CVE-2018-16840", "DEBIANCVE:CVE-2018-16842"]}, {"type": "fedora", "idList": ["FEDORA:06A186172F8B", "FEDORA:2B21F6087AAB", "FEDORA:346E760BB4ED", "FEDORA:34EA76087F11", "FEDORA:5C8E66094E72", "FEDORA:68AAE60937A8", "FEDORA:7CCA26069A73", "FEDORA:876686076974", "FEDORA:87D78601E81F", "FEDORA:995AF61F9AAB", "FEDORA:C34566075EEA", "FEDORA:CA8A7633DB72", "FEDORA:D8E6160F62FB"]}, {"type": "freebsd", "idList": ["04FE6C8D-2A34-4009-A81E-E7A7E759B5D2", "3849E28F-8693-11E8-9610-9C5C8E75236A", "E0AB1773-07C1-46C6-9170-4C5E81C00927", "F4D638B9-E6E5-4DBE-8C70-571DBC116174"]}, {"type": "gentoo", "idList": ["GLSA-201806-05", "GLSA-201807-04", "GLSA-201903-03"]}, {"type": "hackerone", "idList": ["H1:547630", "H1:872089"]}, {"type": "ibm", "idList": ["1F6A08C1A5D78FE77D8566232C49557E2537AA33950B848B13B0C343EBCDA602", "22C6665D00A9702426CEE593F4765FD3CD4EE170F8AA7F50D0505C6B2799BC21", "3EBBC018B9C20064FA93BD55BE600CC6490AE50FA79F34184DC280317D13D2D0", "58738F67583B73D0E5E9C05CA0953E844D2E77F068E3346BC7AE4D527FF367B2", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "89ECD262B4968A1CEAC0618400CB1E2118B5134D866FB3DB5A845EFBE37B4016", "BEB7C34BABCEDADBF3FBACF8CEAA713D4D142B24ECDEAFD9A5F0A33F67656D53", "D9D40D2511E3353489FD37F0A8FDA8372BA8FB5B1DABC3822BCFFAB3AF68F6BA", "E9C1A49043693794000D0923340F217402D1FA6EE6CB02F1F2FBFA857D52D321"]}, {"type": "ics", "idList": ["ICSA-19-099-04"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "mageia", "idList": ["MGASA-2018-0423"]}, {"type": "nessus", "idList": ["AL2_ALAS-2018-1029.NASL", "AL2_ALAS-2018-1052.NASL", "AL2_ALAS-2018-1135.NASL", "AL2_ALAS-2019-1139.NASL", "AL2_ALAS-2019-1162.NASL", "ALA_ALAS-2018-1112.NASL", "ALA_ALAS-2019-1148.NASL", "ALA_ALAS-2019-1151.NASL", "CENTOS_RHSA-2018-3157.NASL", "CENTOS_RHSA-2019-1880.NASL", "CENTOS_RHSA-2019-2181.NASL", "DEBIAN_DLA-1379.NASL", "DEBIAN_DLA-1498.NASL", "DEBIAN_DLA-1568.NASL", "DEBIAN_DSA-4202.NASL", "DEBIAN_DSA-4286.NASL", "DEBIAN_DSA-4331.NASL", "EULEROS_SA-2018-1202.NASL", "EULEROS_SA-2018-1203.NASL", "EULEROS_SA-2018-1330.NASL", "EULEROS_SA-2019-1021.NASL", "EULEROS_SA-2019-1047.NASL", "EULEROS_SA-2019-1090.NASL", "EULEROS_SA-2019-1237.NASL", "EULEROS_SA-2019-1240.NASL", "EULEROS_SA-2019-1269.NASL", "EULEROS_SA-2019-1540.NASL", "EULEROS_SA-2019-1550.NASL", "EULEROS_SA-2019-1665.NASL", "EULEROS_SA-2019-1695.NASL", "EULEROS_SA-2019-2054.NASL", "EULEROS_SA-2019-2410.NASL", "EULEROS_SA-2020-1626.NASL", "FEDORA_2018-111044D435.NASL", "FEDORA_2018-298A3D2923.NASL", "FEDORA_2018-57779D51C1.NASL", "FEDORA_2018-69BAC0F51C.NASL", "FEDORA_2018-7785911C9E.NASL", "FEDORA_2018-7F83032DE6.NASL", "FEDORA_2018-9DC7338487.NASL", "FEDORA_2018-BA443BCB6D.NASL", "FEDORA_2018-FA01002D7E.NASL", "FEDORA_2018-FDC4CA8675.NASL", "FREEBSD_PKG_04FE6C8D2A344009A81EE7A7E759B5D2.NASL", "FREEBSD_PKG_3849E28F869311E896109C5C8E75236A.NASL", "FREEBSD_PKG_E0AB177307C146C691704C5E81C00927.NASL", "FREEBSD_PKG_F4D638B9E6E54DBE8C70571DBC116174.NASL", "GENTOO_GLSA-201806-05.NASL", "GENTOO_GLSA-201807-04.NASL", "GENTOO_GLSA-201903-03.NASL", "NEWSTART_CGSL_NS-SA-2019-0039_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0171_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0182_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0193_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0235_CURL.NASL", "OPENSUSE-2018-1008.NASL", "OPENSUSE-2018-1010.NASL", "OPENSUSE-2018-1379.NASL", "OPENSUSE-2018-1383.NASL", "OPENSUSE-2018-471.NASL", "OPENSUSE-2018-589.NASL", "OPENSUSE-2018-908.NASL", "OPENSUSE-2019-1311.NASL", "OPENSUSE-2019-435.NASL", "OPENSUSE-2019-633.NASL", "OPENSUSE-2019-694.NASL", "OPENSUSE-2019-903.NASL", "ORACLELINUX_ELSA-2018-3157.NASL", "ORACLELINUX_ELSA-2019-1880.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2018.NASL", "ORACLE_OATS_CPU_JAN_2019.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "PHOTONOS_PHSA-2018-1_0-0158.NASL", "PHOTONOS_PHSA-2018-1_0-0158_CURL.NASL", "PHOTONOS_PHSA-2018-1_0-0186.NASL", "PHOTONOS_PHSA-2018-1_0-0186_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0068.NASL", "PHOTONOS_PHSA-2018-2_0-0068_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0096.NASL", "PHOTONOS_PHSA-2018-2_0-0096_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0205_CURL.NASL", "REDHAT-RHSA-2018-3157.NASL", "REDHAT-RHSA-2019-1880.NASL", "REDHAT-RHSA-2019-2181.NASL", "REDHAT-RHSA-2020-0544.NASL", "REDHAT-RHSA-2020-0594.NASL", "SLACKWARE_SSA_2018-136-01.NASL", "SLACKWARE_SSA_2018-192-02.NASL", "SLACKWARE_SSA_2018-249-01.NASL", "SLACKWARE_SSA_2018-304-01.NASL", "SL_20181030_CURL_AND_NSS_PEM_ON_SL7_X.NASL", "SL_20190729_CURL_ON_SL7_X.NASL", "SL_20190806_CURL_ON_SL7_X.NASL", "SUSE_SU-2018-1327-1.NASL", "SUSE_SU-2018-1327-2.NASL", "SUSE_SU-2018-1478-1.NASL", "SUSE_SU-2018-2423-1.NASL", "SUSE_SU-2018-2714-1.NASL", "SUSE_SU-2018-2715-1.NASL", "SUSE_SU-2018-2717-1.NASL", "SUSE_SU-2018-3608-1.NASL", "SUSE_SU-2018-3624-1.NASL", "SUSE_SU-2018-3681-1.NASL", "SUSE_SU-2019-0339-1.NASL", "SUSE_SU-2019-0996-1.NASL", "UBUNTU_USN-3648-1.NASL", "UBUNTU_USN-3710-1.NASL", "UBUNTU_USN-3765-1.NASL", "UBUNTU_USN-3805-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704202", "OPENVAS:1361412562310704286", "OPENVAS:1361412562310704331", "OPENVAS:1361412562310843525", "OPENVAS:1361412562310843590", "OPENVAS:1361412562310843701", "OPENVAS:1361412562310843802", "OPENVAS:1361412562310851750", "OPENVAS:1361412562310851892", "OPENVAS:1361412562310851984", "OPENVAS:1361412562310852036", "OPENVAS:1361412562310852067", "OPENVAS:1361412562310852115", "OPENVAS:1361412562310852120", "OPENVAS:1361412562310874596", "OPENVAS:1361412562310874598", "OPENVAS:1361412562310874825", "OPENVAS:1361412562310875050", "OPENVAS:1361412562310875089", "OPENVAS:1361412562310875243", "OPENVAS:1361412562310875313", "OPENVAS:1361412562310875689", "OPENVAS:1361412562310875984", "OPENVAS:1361412562310876088", "OPENVAS:1361412562310876475", "OPENVAS:1361412562310876863", "OPENVAS:1361412562310883093", "OPENVAS:1361412562310891379", "OPENVAS:1361412562310891498", "OPENVAS:1361412562310891568", "OPENVAS:1361412562311220181202", "OPENVAS:1361412562311220181203", "OPENVAS:1361412562311220181330", "OPENVAS:1361412562311220191021", "OPENVAS:1361412562311220191047", "OPENVAS:1361412562311220191090", "OPENVAS:1361412562311220191237", "OPENVAS:1361412562311220191240", "OPENVAS:1361412562311220191269", "OPENVAS:1361412562311220191540", "OPENVAS:1361412562311220191550", "OPENVAS:1361412562311220191665", "OPENVAS:1361412562311220191695", "OPENVAS:1361412562311220192054", "OPENVAS:1361412562311220192410", "OPENVAS:1361412562311220201626"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3157", "ELSA-2019-1880", "ELSA-2019-2181"]}, {"type": "osv", "idList": ["OSV:DLA-1379-1", "OSV:DLA-1498-1", "OSV:DLA-1568-1", "OSV:DSA-4202-1", "OSV:DSA-4286-1", "OSV:DSA-4331-1"]}, {"type": "photon", "idList": ["PHSA-2018-0068", "PHSA-2018-0158", "PHSA-2018-0186", "PHSA-2018-1.0-0158", "PHSA-2018-1.0-0186", "PHSA-2018-2.0-0068", "PHSA-2018-2.0-0096", "PHSA-2019-0128", "PHSA-2019-0203", "PHSA-2019-0205", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0205", "PHSA-2019-2.0-0128"]}, {"type": "redhat", "idList": ["RHSA-2018:2486", "RHSA-2018:3157", "RHSA-2018:3558", "RHSA-2019:1543", "RHSA-2019:1880", "RHSA-2019:2181", "RHSA-2020:0544", "RHSA-2020:0594"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-0500", "RH:CVE-2018-1000300", "RH:CVE-2018-1000301", "RH:CVE-2018-14618", "RH:CVE-2018-16839", "RH:CVE-2018-16840", "RH:CVE-2018-16842"]}, {"type": "slackware", "idList": ["SSA-2018-136-01", "SSA-2018-192-02", "SSA-2018-249-01", "SSA-2018-304-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1344-1", "OPENSUSE-SU-2018:1624-1", "OPENSUSE-SU-2018:2431-1", "OPENSUSE-SU-2018:2731-1", "OPENSUSE-SU-2018:2736-1", "OPENSUSE-SU-2018:3699-1", "OPENSUSE-SU-2018:3706-1"]}, {"type": "ubuntu", "idList": ["USN-3598-2", "USN-3648-1", "USN-3710-1", "USN-3765-1", "USN-3765-2", "USN-3805-1", "USN-3805-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-0500", "UB:CVE-2018-1000300", "UB:CVE-2018-1000301", "UB:CVE-2018-14618", "UB:CVE-2018-16839", "UB:CVE-2018-16840", "UB:CVE-2018-16842"]}, {"type": "veracode", "idList": ["VERACODE:31127"]}]}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2018-1112"]}, {"type": "archlinux", "idList": ["ASA-201805-13", "ASA-201805-14", "ASA-201805-15", "ASA-201805-16", "ASA-201805-17", "ASA-201805-18", "ASA-201807-10", "ASA-201807-5", "ASA-201807-6", "ASA-201807-7", "ASA-201807-8", "ASA-201807-9", "ASA-201811-4", "ASA-201811-5", "ASA-201811-6", "ASA-201811-7", "ASA-201811-8", "ASA-201811-9"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2018:3157"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:97EB3379D0DD4B152E47A9C87B3EEA3D"]}, {"type": "cve", "idList": ["CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1379-1:F3CBE", "DEBIAN:DLA-1498-1:1ACDF", "DEBIAN:DSA-4202-1:CF8D8", "DEBIAN:DSA-4286-1:21112", "DEBIAN:DSA-4331-1:5BA4B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-0500", "DEBIANCVE:CVE-2018-1000300", "DEBIANCVE:CVE-2018-1000301", "DEBIANCVE:CVE-2018-14618", "DEBIANCVE:CVE-2018-16839", "DEBIANCVE:CVE-2018-16840", "DEBIANCVE:CVE-2018-16842"]}, {"type": "fedora", "idList": ["FEDORA:06A186172F8B", "FEDORA:2B21F6087AAB", "FEDORA:346E760BB4ED", "FEDORA:34EA76087F11", "FEDORA:5C8E66094E72", "FEDORA:68AAE60937A8", "FEDORA:876686076974", "FEDORA:87D78601E81F", "FEDORA:C34566075EEA", "FEDORA:CA8A7633DB72", "FEDORA:D8E6160F62FB"]}, {"type": "freebsd", "idList": ["04FE6C8D-2A34-4009-A81E-E7A7E759B5D2", "E0AB1773-07C1-46C6-9170-4C5E81C00927"]}, {"type": "gentoo", "idList": ["GLSA-201806-05"]}, {"type": "hackerone", "idList": ["H1:547630"]}, {"type": "ibm", "idList": ["22C6665D00A9702426CEE593F4765FD3CD4EE170F8AA7F50D0505C6B2799BC21", "3EBBC018B9C20064FA93BD55BE600CC6490AE50FA79F34184DC280317D13D2D0", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "89ECD262B4968A1CEAC0618400CB1E2118B5134D866FB3DB5A845EFBE37B4016", "E9C1A49043693794000D0923340F217402D1FA6EE6CB02F1F2FBFA857D52D321"]}, {"type": "ics", "idList": ["ICSA-19-099-04"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2018-0500/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2018-0500/", "MSF:ILITIES/SUSE-CVE-2018-0500/", "MSF:ILITIES/UBUNTU-CVE-2018-0500/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2018-1112.NASL", "CENTOS_RHSA-2018-3157.NASL", "DEBIAN_DLA-1379.NASL", "DEBIAN_DSA-4202.NASL", "DEBIAN_DSA-4331.NASL", "EULEROS_SA-2019-2054.NASL", "FEDORA_2018-9DC7338487.NASL", "FREEBSD_PKG_04FE6C8D2A344009A81EE7A7E759B5D2.NASL", "FREEBSD_PKG_E0AB177307C146C691704C5E81C00927.NASL", "GENTOO_GLSA-201806-05.NASL", "OPENSUSE-2018-1379.NASL", "OPENSUSE-2018-1383.NASL", "OPENSUSE-2018-471.NASL", "ORACLELINUX_ELSA-2018-3157.NASL", "REDHAT-RHSA-2018-3157.NASL", "SLACKWARE_SSA_2018-136-01.NASL", "SLACKWARE_SSA_2018-304-01.NASL", "SL_20181030_CURL_AND_NSS_PEM_ON_SL7_X.NASL", "SUSE_SU-2018-1327-1.NASL", "SUSE_SU-2018-1478-1.NASL", "SUSE_SU-2018-3608-1.NASL", "SUSE_SU-2018-3681-1.NASL", "UBUNTU_USN-3648-1.NASL", "UBUNTU_USN-3805-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704202", "OPENVAS:1361412562310704331", "OPENVAS:1361412562310843525", "OPENVAS:1361412562310843802", "OPENVAS:1361412562310851750", "OPENVAS:1361412562310851984", "OPENVAS:1361412562310852036", "OPENVAS:1361412562310852067", "OPENVAS:1361412562310852115", "OPENVAS:1361412562310852120", "OPENVAS:1361412562310874596", "OPENVAS:1361412562310874598", "OPENVAS:1361412562310875243", "OPENVAS:1361412562310875313", "OPENVAS:1361412562310891379"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3157"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0158", "PHSA-2018-1.0-0186", "PHSA-2018-2.0-0068", "PHSA-2018-2.0-0096", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0205", "PHSA-2019-2.0-0128"]}, {"type": "redhat", "idList": ["RHSA-2020:0544"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-0500", "RH:CVE-2018-1000300", "RH:CVE-2018-1000301", "RH:CVE-2018-14618", "RH:CVE-2018-16839", "RH:CVE-2018-16840"]}, {"type": "slackware", "idList": ["SSA-2018-136-01", "SSA-2018-304-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1344-1", "OPENSUSE-SU-2018:3699-1", "OPENSUSE-SU-2018:3706-1"]}, {"type": "ubuntu", "idList": ["USN-3598-2", "USN-3648-1", "USN-3805-1", "USN-3805-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-0500", "UB:CVE-2018-1000300", "UB:CVE-2018-1000301", "UB:CVE-2018-14618", "UB:CVE-2018-16839", "UB:CVE-2018-16840", "UB:CVE-2018-16842"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-0500", "epss": "0.018660000", "percentile": "0.865490000", "modified": "2023-03-16"}, {"cve": "CVE-2018-1000300", "epss": "0.016750000", "percentile": "0.857150000", "modified": "2023-03-16"}, {"cve": "CVE-2018-1000301", "epss": "0.009050000", "percentile": "0.803210000", "modified": "2023-03-16"}, {"cve": "CVE-2018-14618", "epss": "0.023380000", "percentile": "0.880400000", "modified": "2023-03-16"}, {"cve": "CVE-2018-16839", "epss": "0.010700000", "percentile": "0.819650000", "modified": "2023-03-16"}, {"cve": "CVE-2018-16840", "epss": "0.008340000", "percentile": "0.794390000", "modified": "2023-03-16"}, {"cve": "CVE-2018-16842", "epss": "0.011280000", "percentile": "0.824600000", "modified": "2023-03-16"}], "vulnersScore": -0.0}, "_state": {"dependencies": 1660032824, "score": 1684007085, "epss": 1679056058}, "_internal": {"score_hash": "7336d01804a7b45a6efae299beb959cf"}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "28", "arch": "any", "packageVersion": "7.59.0", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "curl"}]}

{"fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-21T03:14:20", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-9.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-11-21T03:14:20", "id": "FEDORA:34EA76087F11", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UJDKXZW43FFRCVV6EVUWTG3DGR4KM2QK/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-09T09:40:59", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-7.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618"], "modified": "2018-09-09T09:40:59", "id": "FEDORA:C34566075EEA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HQLB73JQDITJ7NUFXPGCGRGND3ZIZUBA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T05:17:14", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-5.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-11-17T05:17:14", "id": "FEDORA:346E760BB4ED", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZEGOZ7DM5AZNAJXBXUHXPQ5NTK3LLKU4/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-07T02:43:04", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-4.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-11-07T02:43:04", "id": "FEDORA:06A186172F8B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGIHNGTPVOH6I4BPWISJJYJ57OV6WETQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-17T15:19:09", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-5.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-07-17T15:19:09", "id": "FEDORA:CA8A7633DB72", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTD5Q5WNK66JBAMLLVQITV7QBTOR4NW6/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-24T04:34:18", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-7.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-20483"], "modified": "2019-01-24T04:34:18", "id": "FEDORA:876686076974", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AMBI4JRD6CXI7BO7EF3SHBEPARNL4ZBQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-22T15:08:59", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-3.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-05-22T15:08:59", "id": "FEDORA:2B21F6087AAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DOHQJ7DDUE5U4L6FHSUVPFQ7TAZLWSMI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T02:58:21", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-8.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T02:58:21", "id": "FEDORA:D8E6160F62FB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-09T02:58:45", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5435", "CVE-2019-5436"], "modified": "2019-06-09T02:58:45", "id": "FEDORA:995AF61F9AAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-21T05:43:07", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618"], "modified": "2018-09-21T05:43:07", "id": "FEDORA:68AAE60937A8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U5G3VEUMIDKF5W2HXWFO5JBDLZYZNABW/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-298a3d2923", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-1000301", "CVE-2018-16842"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_298a3d2923_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-298a3d2923\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875313\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-14618\", \"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:24:10 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for curl FEDORA-2018-298a3d2923\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-298a3d2923\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJDKXZW43FFRCVV6EVUWTG3DGR4KM2QK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-298a3d2923 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"curl on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~9.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-fdc4ca8675", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-1000301", "CVE-2018-16842"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fdc4ca8675_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-fdc4ca8675\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875243\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-14618\", \"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 06:36:51 +0100 (Thu, 08 Nov 2018)\");\n script_name(\"Fedora Update for curl FEDORA-2018-fdc4ca8675\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fdc4ca8675\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY3FMTULEN5U4BHBA4JUEBUSZRCLNHJX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-fdc4ca8675 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"curl on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~8.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-11T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-111044d435", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2018-1000301"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875050", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_111044d435_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-111044d435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875050\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-11 07:24:18 +0200 (Tue, 11 Sep 2018)\");\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-111044d435\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-111044d435\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQLB73JQDITJ7NUFXPGCGRGND3ZIZUBA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~7.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:3706-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852115", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852115\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:58:19 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:3706-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3706-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00012.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:3706-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed\n which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which\n could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1379=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-7785911c9e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876088", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876088\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:34:09 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2018-7785911c9e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7785911c9e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGIHNGTPVOH6I4BPWISJJYJ57OV6WETQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-7785911c9e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3805-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3805_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for curl USN-3805-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843802\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 06:05:25 +0100 (Thu, 01 Nov 2018)\");\n script_name(\"Ubuntu Update for curl USN-3805-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3805-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3805-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the USN-3805-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\npresent on the target host.\");\n\n script_tag(name:\"insight\", value:\"Harry Sintonen discovered that curl incorrectly\nhandled SASL authentication. A remote attacker could use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when\nclosing certain handles. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly\nhandled error messages. A remote attacker could possibly use this issue to\nobtain sensitive information. (CVE-2018-16842)\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-57779d51c1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874825", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_57779d51c1_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-57779d51c1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874825\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-18 06:08:32 +0200 (Wed, 18 Jul 2018)\");\n script_cve_id(\"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-57779d51c1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-57779d51c1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XTD5Q5WNK66JBAMLLVQITV7QBTOR4NW6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-427a0ba9e3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875984", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875984\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:30:30 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-427a0ba9e3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-427a0ba9e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMBI4JRD6CXI7BO7EF3SHBEPARNL4ZBQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-427a0ba9e3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~7.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:35", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16839\nHarry Sintonen discovered that, on systems with a 32 bit size_t, an\ninteger overflow would be triggered when a SASL user name longer\nthan 2GB is used. This would in turn cause a very small buffer to be\nallocated instead of the intended very huge one, which would trigger\na heap buffer overflow when the buffer is used.\n\nCVE-2018-16842\nBrian Carpenter discovered that the logic in the curl tool to wrap\nerror messages at 80 columns is flawed, leading to a read buffer\noverflow if a single word in the message is itself longer than 80\nbytes.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4331-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4331-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704331\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16842\");\n script_name(\"Debian Security Advisory DSA 4331-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 00:00:00 +0100 (Fri, 02 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4331.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u8.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16839\nHarry Sintonen discovered that, on systems with a 32 bit size_t, an\ninteger overflow would be triggered when a SASL user name longer\nthan 2GB is used. This would in turn cause a very small buffer to be\nallocated instead of the intended very huge one, which would trigger\na heap buffer overflow when the buffer is used.\n\nCVE-2018-16842\nBrian Carpenter discovered that the logic in the curl tool to wrap\nerror messages at 80 columns is flawed, leading to a read buffer\noverflow if a single word in the message is itself longer than 80\nbytes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:1624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852067", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852067\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:41:02 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:1624-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1624-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00015.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:1624-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl to version 7.60.0 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down\n an FTP connection with very long server command replies (bsc#1092094).\n\n - CVE-2018-1000301: Prevent buffer over-read that could have cause reading\n data beyond the end of a heap based buffer used to store downloaded RTSP\n content (bsc#1092098).\n\n These non-security issues were fixed:\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol\n\n - Add --haproxy-protocol for the command line tool\n\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses\n\n - FTP: fix typo in recursive callback detection for seeking\n\n - test1208: marked flaky\n\n - HTTP: make header-less responses still count correct body size\n\n - user-agent.d:: mention --proxy-header as well\n\n - http2: fixes typo\n\n - cleanup: misc typos in strings and comments\n\n - rate-limit: use three second window to better handle high speeds\n\n - examples/hiperfifo.c: improved\n\n - pause: when changing pause state, update socket state\n\n - curl_version_info.3: fix ssl_version description\n\n - add_handle/easy_perform: clear errorbuffer on start if set\n\n - cmake: add support for brotli\n\n - parsedate: support UT timezone\n\n - vauth/ntlm.h: fix the #ifdef header guard\n\n - lib/curl_path.h: added #ifdef header guard\n\n - vauth/cleartext: fix integer overflow check\n\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n\n - cookie.d: mention that '-' as filename means stdin\n\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n\n - http2: read pending frames (including GOAWAY) in connection-check\n\n - timeval: remove compilation warning by casting\n\n - cmake: avoid warn-as-error during config checks\n\n - travis-ci: enable -Werror for CMake builds\n\n - openldap: fix for NULL return from ldap_get_attribute_ber()\n\n - threaded resolver: track resolver time and set suitable timeout values\n\n - cmake: Add advapi32 as explicit link library for win32\n\n - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T\n\n - test1148: set a fixed locale for the test\n\n - cookies: when reading from a file, only remove_expired once\n\n - cookie: store cookies per top-level-domain-specific hash table\n\n - openssl: RESTORED verify locations when verifypeer==0\n\n - file: restore old behavior for file:////foo/bar URLs\n\n - FTP: allow PASV on IPv6 connections when a proxy is being used\n\n - build-openssl.bat: allow custom paths for VS and perl\n\n - winbuild: make the clean target work without build-type\n\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15\n\n - curl: r ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-fa01002d7e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874596", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fa01002d7e_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-fa01002d7e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874596\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:52:11 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-fa01002d7e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fa01002d7e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOHQJ7DDUE5U4L6FHSUVPFQ7TAZLWSMI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~3.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:3699-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852120", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852120\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:59:36 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:3699-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3699-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:3699-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n - CVE-2018-16840: A use after free in closing SASL handles was fixed\n (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1383=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3648-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000303", "CVE-2018-1000301"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3648_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-3648-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843525\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-17 05:36:50 +0200 (Thu, 17 May 2018)\");\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000303\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3648-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dario Weisser discovered that curl incorrectly\nhandled long FTP server command replies. If a user or automated system were tricked\ninto connecting to a malicious FTP server, a remote attacker could use this issue\nto cause curl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.\n(CVE-2018-1000300)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP responses.\nIf a user or automated system were tricked into connecting to a malicious\nserver, a remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly obtain sensitive information.\n(CVE-2018-1000301)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3648-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3648-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.35.0-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.55.1-1ubuntu2.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4:amd64\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4:i386\", ver:\"7.58.0-2ubuntu3.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.47.0-1ubuntu2.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-43489941ff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16840", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875689", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875689\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:16:16 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-43489941ff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-43489941ff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-43489941ff advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~8.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-12T20:42:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-10T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-697de0501f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5435", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-5436", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310876475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876475", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876475\");\n script_version(\"2019-06-11T06:16:55+0000\");\n script_cve_id(\"CVE-2019-5436\", \"CVE-2019-5435\", \"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 06:16:55 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-10 02:09:35 +0000 (Mon, 10 Jun 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-697de0501f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-697de0501f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-697de0501f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~11.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1090)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191090", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1090\");\n script_version(\"2020-01-23T11:30:51+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:30:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:30:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1090)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1090\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1090\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1090 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h23\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h23\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h23\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191269", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1269\");\n script_version(\"2020-01-23T11:36:59+0000\");\n script_cve_id(\"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:36:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:36:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1269)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1269\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1269\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1269 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.CVE-2018-16842\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h31\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h31\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3765-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3765_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for curl USN-3765-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843701\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:08:44 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for curl USN-3765-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3765-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3765-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the USN-3765-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that curl incorrectly handled certain inputs.\nAn attacker could possibly use this to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.17\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.35.0-1ubuntu2.17\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.35.0-1ubuntu2.17\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.35.0-1ubuntu2.17\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.58.0-2ubuntu3.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.58.0-2ubuntu3.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.58.0-2ubuntu3.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:55:24", "description": "Zhaoyang Wu discovered that cURL, an URL transfer library, contains a\nbuffer overflow in the NTLM authentication code triggered by passwords\nthat exceed 2GB in length on 32bit systems.", "cvss3": {}, "published": "2018-09-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4286-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4286-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704286\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_name(\"Debian Security Advisory DSA 4286-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-05 00:00:00 +0200 (Wed, 05 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4286.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u7.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Zhaoyang Wu discovered that cURL, an URL transfer library, contains a\nbuffer overflow in the NTLM authentication code triggered by passwords\nthat exceed 2GB in length on 32bit systems.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n script_xref(name:\"URL\", value:\"https://curl.haxx.se/docs/CVE-2018-14618.html\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:37:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:2731-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852036", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852036\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:36:09 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:2731-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2731-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00030.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:2731-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n This security issue was fixed:\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code\n (bsc#1106019)\n\n This non-security issue was fixed:\n\n - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes\n due to openssl engines conflicts (bsc#1086367)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1010=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:32:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191047", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1047\");\n script_version(\"2020-01-23T11:28:55+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:28:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:28:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1047)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1047\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1047\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1047 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-09T12:39:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-01T00:00:00", "type": "openvas", "title": "CentOS Update for curl CESA-2019:1880 centos7 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2019-08-08T00:00:00", "id": "OPENVAS:1361412562310883093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883093", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883093\");\n script_version(\"2019-08-08T09:10:13+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-08 09:10:13 +0000 (Thu, 08 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-01 02:01:03 +0000 (Thu, 01 Aug 2019)\");\n script_name(\"CentOS Update for curl CESA-2019:1880 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1880\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-July/023377.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the CESA-2019:1880 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nSecurity Fix(es):\n\n * curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n * curl crashes on http links with rate-limit (BZ#1711914)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~51.el7_6.3\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~51.el7_6.3\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~51.el7_6.3\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:06:53", "description": "It was discovered that there was a an integer overflow vulnerability in\ncurl, a command line tool for transferring data over HTTP, etc.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for curl (DLA-1498-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891498", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891498\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_name(\"Debian LTS: Security Advisory for curl (DLA-1498-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-10 00:00:00 +0200 (Mon, 10 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00008.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u12.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there was a an integer overflow vulnerability in\ncurl, a command line tool for transferring data over HTTP, etc.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:55:56", "description": "OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer\nlibrary, could be tricked into reading data beyond the end of a heap\nbased buffer when parsing invalid headers in an RTSP response.", "cvss3": {}, "published": "2018-05-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4202-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000301"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4202-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704202\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1000301\");\n script_name(\"Debian Security Advisory DSA 4202-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 00:00:00 +0200 (Wed, 16 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4202.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB[89]\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u6.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer\nlibrary, could be tricked into reading data beyond the end of a heap\nbased buffer when parsing invalid headers in an RTSP response.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191695", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1695\");\n script_version(\"2020-01-23T12:20:12+0000\");\n script_cve_id(\"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:12 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1695)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1695\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1695\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1695 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h11\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h11\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-06-04T16:42:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:1344-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000301"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851750", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851750\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-19 05:43:10 +0200 (Sat, 19 May 2018)\");\n script_cve_id(\"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:1344-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes several issues:\n\n Security issues fixed:\n\n - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash\n the curl client (bsc#1092098)\n\n Non security issues fixed:\n\n - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher\n alias before failing. (bsc#1086825)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-471=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1344-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00083.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~36.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191021", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1021\");\n script_version(\"2020-01-23T11:27:49+0000\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:27:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:27:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1021)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1021\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1021\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1021 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h10.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h10.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~46.h10.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:40:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:2736-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851892", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851892\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-16 07:52:25 +0200 (Sun, 16 Sep 2018)\");\n script_cve_id(\"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:2736-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n This security issue was fixed:\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code\n (bsc#1106019)\n\n This non-security issue was fixed:\n\n - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1008=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2736-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~39.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-22T01:47:45", "description": "## Summary\n\nIBM Event Streams is affected by the following vulnerabilities in the included cURL application. \n \n\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n**DESCRIPTION: ** cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION: ** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVEID: **[CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>) \n**DESCRIPTION: ** cURL is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the Curl_auth_create_plain_message function. By sending a specially-crafted request, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152298> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Event Streams 2018.3.0\n\n## Remediation/Fixes\n\nUpgrade to IBM Event Streams version 2018.3.1. You can download version 2018.3.1 from IBM Passport Advantage: <https://www.ibm.com/software/passportadvantage/pao_customer.html>.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-17T16:15:01", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-12-17T16:15:01", "id": "BEB7C34BABCEDADBF3FBACF8CEAA713D4D142B24ECDEAFD9A5F0A33F67656D53", "href": "https://www.ibm.com/support/pages/node/787513", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:39:06", "description": "## Summary\n\nMultiple Vulnerabilities in libCurl affects IBM Watson Studio Local\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-5435](<https://vulners.com/cve/CVE-2019-5435>) \n** DESCRIPTION: **An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n** CVEID: **[CVE-2019-5436](<https://vulners.com/cve/CVE-2019-5436>) \n** DESCRIPTION: **A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n** CVEID: **[CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>) \n** DESCRIPTION: **Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n** DESCRIPTION: **A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152299](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152299>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-1000301](<https://vulners.com/cve/CVE-2018-1000301>) \n** DESCRIPTION: **curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl &lt; 7.20.0 and curl &gt;= 7.60.0. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143390](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143390>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-1000300](<https://vulners.com/cve/CVE-2018-1000300>) \n** DESCRIPTION: **curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl&lt; 7.54.1 and curl &gt;= 7.60.0. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143388](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143388>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n** CVEID: **[CVE-2018-14618](<https://vulners.com/cve/CVE-2018-14618>) \n** DESCRIPTION: **curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-0500](<https://vulners.com/cve/CVE-2018-0500>) \n** DESCRIPTION: **Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146198](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146198>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Studio - Local| 1.2.3 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Watson Studio Local| 2.1| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \nIBM Cloud Pak for Data| 2.5| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T13:58:51", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8816", "CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2019-5435", "CVE-2019-5436"], "modified": "2019-12-20T13:58:51", "id": "874F8E6A5239ED9E35FE02AC8B09D496B7FEDA60C7FEFCF04B0223997BC26FBB", "href": "https://www.ibm.com/support/pages/node/1143490", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T01:39:24", "description": "## Summary\n\nRHEL Server is shipped as a component of PPIM. Information about a security vulnerability affecting RHEL Server has been published in a Red Hat errata.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>) \n** DESCRIPTION: **Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n** DESCRIPTION: **Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152300](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152300>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n** DESCRIPTION: **A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152299](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152299>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected product remediation \n---|--- \n \n * PurePower Integrated Manager Appliance 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4\n * * PurePower Integrated Manager Service Appliance 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4\n * * PurePower Integrated Manager Power VC Appliance 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4\n * * PurePower Integrated Manager KVM Host 1.1.0 , 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4\n| Red Hat RHEL Server (v.7) errata:[RHSA-2019:2181](<https://access.redhat.com/errata/RHSA-2019:2181>) \n \n\n\n## Remediation/Fixes\n\nFollow the instructions in the Red Hat errata listed above for Red Hat Enterprise Linux Server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Red Hat&#174; Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2019-12-20T08:47:33", "id": "7CD16492F6B0AE2BDD52B4B09B1DD7ACDD536B78903B9B545E6794CA7D669667", "href": "https://www.ibm.com/support/pages/node/1119213", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:28", "description": "## Summary\n\nIBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in cURL.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-14618](<https://vulners.com/cve/CVE-2018-14618>) \n**DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149359>\n\nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n**DESCRIPTION:** cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM Flex System Chassis Management Module (CMM)\n\n| \n\n2PET \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM Flex System Chassis Management Module (CMM) \n(ibm_fw_cmm_2pet18a-2.5.14a_anyos_noarch)\n\n| \n\n2pet18a-2.5.14a \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-26T19:20:01", "type": "ibm", "title": "Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2019-03-26T19:20:01", "id": "179593D782AA2C283059BE55EC44E403C91ED366884E12EB5774C3E6BA8361EB", "href": "https://www.ibm.com/support/pages/node/870676", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:47:25", "description": "## Summary\n\nIBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in cURL.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n**DESCRIPTION:** cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM Dynamic System Analysis (DSA) Preboot \n\n| \n\n9.6 \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM Dynamic System Analysis (DSA) Preboot \n(ibm_fw_dsa_dsyte2z-9.65_anyos_32-64)\n\n| \n\ndsyte2z-9.65 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-23T21:30:01", "type": "ibm", "title": "Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2019-04-23T21:30:01", "id": "1A8848ED32CCEEC14EF93A860F976A866EA641647A5954C0833499A9106D70CD", "href": "https://www.ibm.com/support/pages/node/882106", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:55", "description": "## Summary\n\nIBM Advanced Management Module (AMM) has addressed the following vulnerabilities in cURL.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n**DESCRIPTION:** cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \nIBM BladeCenter Advanced Management Module (AMM) \n| BPET \n \nIBM BladeCenter T Advanced Management Module (AMM) \n\n\n| BBET \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM BladeCenter Advanced Management Module (AMM)\n\n(ibm_fw_amm_bpet68l-3.68l_anyos_noarch) )\n\n| bpet68l-3.68l \n \nIBM BladeCenter T Advanced Management Module (AMM) \n(ibm_fw_amm_bbet68l-3.68l_anyos_noarch)\n\n| bbet68l-3.68l \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-11T20:35:01", "type": "ibm", "title": "Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2019-04-11T20:35:01", "id": "96A9A7D0CBFCA2DBD77AA4BDF78EB1E66DF5739084BBD47A49C8BF490BD43D4E", "href": "https://www.ibm.com/support/pages/node/878574", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:47:03", "description": "## Summary\n\nIBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in cURL. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1000301](<https://vulners.com/cve/CVE-2018-1000301>) \n**DESCRIPTION:** curl is vulnerable to a denial of service, caused by heap-based buffer over-read. By sending a specially crafted RTSP response, a remote attacker could overflow a buffer and possibly obtain sensitive information or cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143390> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM BladeCenter Advanced Management Module (AMM)\n\n| \n\nBPET \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/>)\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM BladeCenter Advanced Management Module (AMM) \n(ibm_fw_amm_bpet68k-3.68k_anyos_noarch)\n\n| \n\nbpet68k-3.68k \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-10-03T21:30:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000301"], "modified": "2018-10-03T21:30:01", "id": "73C65E28F379857EF369D459E2F0EC2087C7E09481C7AEA403AA0461EAF81FD9", "href": "https://www.ibm.com/support/pages/node/733947", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-21T21:45:42", "description": "## Summary\n\nThe Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>) \n**DESCRIPTION: ** cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected IBM ILOG CPLEX Optimization Studio | Affected Versions \n---|--- \nIBM ILOG CPLEX Optimization Studio | 12.8 \n \n## Remediation/Fixes\n\nPlease replace the initial DLL version 7.54.1.0 with the [fixed version 7.60.0.0 available on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+CPLEX+Optimization+Studio&release=12.8&platform=All&function=fixId&fixids=12.8-DO-COS-Windows-x86_64-libcurl-fix+&includeSupersedes=0>). \nMD checksum: 04e1fe45fce57cd33a7b803230d06c35 \n \nFor information, here is the path of the DLL:\n \n \n <Installation directory>\\cplex\\bin\\x64_win64\\libcurl.dll\n\n## Workarounds and Mitigations\n\nThere is no workaround or mitigation.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-19T15:50:02", "type": "ibm", "title": "Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16840"], "modified": "2018-11-19T15:50:02", "id": "6A4EC4BECB53D9A912BE00FC7FF781806AB60067EB0ABF0C3C73C4585DB7B09E", "href": "https://www.ibm.com/support/pages/node/739961", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:22", "description": "## Summary\n\nIBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in cURL.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-14618](<https://vulners.com/cve/CVE-2018-14618>) \n**DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149359>\n\nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM Dynamic System Analysis (DSA) Preboot \n\n| \n\n9.6 \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM Dynamic System Analysis (DSA) Preboot \n(ibm_fw_dsa_dsyte2z-9.65_anyos_32-64)\n\n| \n\ndsyte2z-9.65 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-25T12:35:01", "type": "ibm", "title": "Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618"], "modified": "2019-04-25T12:35:01", "id": "69133C0486345513C1F477C0E37AFEC8C6F6F9F77A50A920CEF30DD571C38D54", "href": "https://www.ibm.com/support/pages/node/870800", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T01:46:25", "description": "## Summary\n\nA vulnerability was identified in cURL that could allow a remote attacker to obtain sensitive information. cURL is included in the IBM MQ Advanced CloudPak for IBM Cloud Private on RedHat OpenShift.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\n_**IBM MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)**_\n\nv2.1.0 - v 2.3.1\n\n## Remediation/Fixes\n\n_**IBM MQ Advanced Cloud Pak (RedHat OpenShift)**_\n\n[Apply Fix IBM-MQ-Adv-Cloud-Pak-2.3.2-RHOS to upgrade to version v2.3.2](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.1.2&platform=Linux+64-bit,x86_64&function=fixId&fixids=IBM-MQ-Adv-Cloud-Pak-2.3.2-RHOS&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-05-07T17:15:01", "type": "ibm", "title": "Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16842"], "modified": "2019-05-07T17:15:01", "id": "743FD9219DA45EB0A3A8C6420C1538B9917F88141E7D827E64353235C7304C09", "href": "https://www.ibm.com/support/pages/node/744735", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-24T05:42:30", "description": "## Summary\n\nVulnerability in Curl used in OS image for RedHat Enterprise Linux in Cloud Pak System. OS image for RedHat Enterprise Linux has addresssd vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n** DESCRIPTION: **cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152300](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152300>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System| 2.3 \nOS Image for RedHat Enterprise Linux | \n\nV3.0.10.0\n\nV3.0.11.0\n\nV3.0.12.0\n\nV3.0.13.0 \n \n \n\n\n## Remediation/Fixes\n\nFor Cloud Pak System V2.2.5 - V2.2.6, V2.3.0.1 \n\nfor OS Image for Red Hat Linux using RHEL V7,\n\n\\- from your VM run yum update as appropriate\n\nOR\n\nApply Cloud Pak System v2.3.1.1\n\nInformation on upgrading can be found here: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-05-06T12:02:05", "type": "ibm", "title": "Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16842"], "modified": "2020-05-06T12:02:05", "id": "7D076961606391AE7FCA9AC98635D4232BDB6CC8FB5C9FA19C977FA07C6EBB75", "href": "https://www.ibm.com/support/pages/node/5690798", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-23T21:49:25", "description": "## Summary\n\nIBM Cloud Private fluentd component is vulnerable to multiple security vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16396](<https://vulners.com/cve/CVE-2018-16396>) \n**DESCRIPTION:** Ruby could allow a remote attacker to bypass security restrictions, caused by the failure to properly check security controls. By sending a specially crafted Array#pack and String#unpack array, an attacker could exploit this vulnerability to bypass security controls on the target system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-16395](<https://vulners.com/cve/CVE-2018-16395>) \n**DESCRIPTION:** Ruby could allow a remote attacker to bypass security restrictions, caused by a flaw when comparing two OpenSSL::X509::Name objects using == in the OpenSSL library. By sending specially-crafted arguments, an attacker could exploit this vulnerability to to create an illegitimate certificate that may be accepted as legitimate. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-14618](<https://vulners.com/cve/CVE-2018-14618>) \n**DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149359> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>) \n**DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>) \n**DESCRIPTION:** cURL is vulnerable to a denial of service, caused by the incorrect verification of the passed-in lengths for the name and password fields by the Curl_auth_create_plain_message function. By sending a user name that exceeds 2 GB, an attacker could overflow a buffer and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145455>) 152298 for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0735](<https://vulners.com/cve/CVE-2018-0735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the ECDSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152086> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0734](<https://vulners.com/cve/CVE-2018-0734>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152085> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-5407](<https://vulners.com/cve/CVE-2018-5407>) \n**DESCRIPTION:** Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architectures parallel thread running capabilities to leak encrypted data from the CPU's internal processes. Note: This vulnerability is known as PortSmash. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152484> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Private 3.1.2\n\n## Remediation/Fixes\n\nFor IBM Cloud Private 3.1.2, apply patch\n\n * [IBM Cloud Private 3.1.2.0 Patch - fluentd](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.1.2-build512181&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T18:05:01", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private - fluentd", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-14618", "CVE-2018-16395", "CVE-2018-16396", "CVE-2018-16839", "CVE-2018-16842", "CVE-2018-5407"], "modified": "2019-02-12T18:05:01", "id": "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "href": "https://www.ibm.com/support/pages/node/870936", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:25:18", "description": "A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\n(CVE-2018-16840)\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. (CVE-2018-16839)\n\nCurl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)", "cvss3": {}, "published": "2019-01-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2019-1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/121369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1148.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121369);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"ALAS\", value:\"2019-1148\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2019-1148)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap use-after-free flaw was found in curl related to closing an\neasy handle. When closing and cleaning up an 'easy' handle in the\n`Curl_close()` function, the library code first frees a struct\n(without nulling the pointer) and might then subsequently erroneously\nwrite to a struct field within that already freed struct.\n(CVE-2018-16840)\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code\nthat may lead to denial of service. (CVE-2018-16839)\n\nCurl is vulnerable to a heap-based buffer over-read in the\ntool_msgs.c:voutf() function that may result in information exposure\nand denial of service. (CVE-2018-16842)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1148.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.53.1-16.86.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:31", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:3624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:curl-mini", "p-cpe:/a:novell:suse_linux:curl-mini-debuginfo", "p-cpe:/a:novell:suse_linux:curl-mini-debugsource", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl-mini-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-mini", "p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-3624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3624-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120154);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:3624-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16839: A SASL password overflow via integer overflow was\nfixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed which\ncould lead to crashes (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183624-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ee817b0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2578=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2578=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:55", "description": "- SASL password overflow via integer overflow (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : curl (2018-fdc4ca8675)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-FDC4CA8675.NASL", "href": "https://www.tenable.com/plugins/nessus/120934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fdc4ca8675.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120934);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-fdc4ca8675\");\n\n script_name(english:\"Fedora 28 : curl (2018-fdc4ca8675)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SASL password overflow via integer overflow\n (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc4ca8675\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-8.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:01", "description": "Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3805-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3805-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3805-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118591);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"USN\", value:\"3805-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3805-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Harry Sintonen discovered that curl incorrectly handled SASL\nauthentication. A remote attacker could use this issue to cause curl\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when\nclosing certain handles. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly\nhandled error messages. A remote attacker could possibly use this\nissue to obtain sensitive information. (CVE-2018-16842).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3805-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"curl\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl4\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:04", "description": "- SASL password overflow via integer overflow (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2018-7785911c9e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-7785911C9E.NASL", "href": "https://www.tenable.com/plugins/nessus/120542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7785911c9e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120542);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-7785911c9e\");\n\n script_name(english:\"Fedora 29 : curl (2018-7785911c9e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SASL password overflow via integer overflow\n (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7785911c9e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:00", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1379)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1379.NASL", "href": "https://www.tenable.com/plugins/nessus/118876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1379.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118876);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1379)\");\n script_summary(english:\"Check for the openSUSE-2018-1379 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer\n overflow was fixed which could lead to crashes\n (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close\n was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:08:44", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini"], "id": "OPENSUSE-2019-903.NASL", "href": "https://www.tenable.com/plugins/nessus/123369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-903.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123369);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-903)\");\n script_summary(english:\"Check for the openSUSE-2019-903 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer\n overflow was fixed which could lead to crashes\n (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close\n was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:39", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2018-11-01T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-304-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-304-01.NASL", "href": "https://www.tenable.com/plugins/nessus/118586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-304-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"SSA\", value:\"2018-304-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-304-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.432448\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa628473\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:17", "description": "The remote host is affected by the vulnerability described in GLSA-201903-03 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "GLSA-201903-03 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201903-03.NASL", "href": "https://www.tenable.com/plugins/nessus/122731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-03.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122731);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"GLSA\", value:\"201903-03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"GLSA-201903-03 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-03\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.64.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.64.0\"), vulnerable:make_list(\"lt 7.64.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:35", "description": "curl security problems :\n\nCVE-2018-16839: SASL password overflow via integer overflow\n\nlibcurl contains a buffer overrun in the SASL authentication code.\n\nThe internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then calculates a buffer size to allocate.\n\nOn systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.\n\nThis bug is very similar to CVE-2017-14618.\n\nIt affects curl 7.33.0 to 7.61.1.\n\nCVE-2018-16840: use-after-free in handle close\n\nlibcurl contains a heap use-after-free flaw in code related to closing an easy handle.\n\nWhen closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\n\nIt affects curl 7.59.0 to 7.61.1.\n\nCVE-2018-16842: warning message out-of-buffer read\n\ncurl contains a heap out of buffer read vulnerability.\n\nThe command line tool has a generic function for displaying warning and informational messages to stderr for various situations. For example if an unknown command line argument is used, or passed to it in a 'config' file.\n\nThis display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer.\nThis could lead to information disclosure or crash.\n\nThis vulnerability could lead to a security issue if used in this or similar situations :\n\n1. a server somewhere uses the curl command line to run something\n\n2. if it fails, it shows stderr to the user\n\n3. the server takes user input for parts of its command line input\n\n4. user provides something overly long that triggers this crash\n\n5. the stderr output may now contain user memory contents that wasn't meant to be available\n\nIt affects curl 7.14.1 to 7.61.1.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "FreeBSD : curl -- multiple vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E0AB177307C146C691704C5E81C00927.NASL", "href": "https://www.tenable.com/plugins/nessus/118707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118707);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"FreeBSD : curl -- multiple vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"curl security problems :\n\nCVE-2018-16839: SASL password overflow via integer overflow\n\nlibcurl contains a buffer overrun in the SASL authentication code.\n\nThe internal function Curl_auth_create_plain_message fails to\ncorrectly verify that the passed in lengths for name and password\naren't too long, then calculates a buffer size to allocate.\n\nOn systems with a 32 bit size_t, the math to calculate the buffer size\ntriggers an integer overflow when the user name length exceeds 2GB\n(2^31 bytes). This integer overflow usually causes a very small buffer\nto actually get allocated instead of the intended very huge one,\nmaking the use of that buffer end up in a heap buffer overflow.\n\nThis bug is very similar to CVE-2017-14618.\n\nIt affects curl 7.33.0 to 7.61.1.\n\nCVE-2018-16840: use-after-free in handle close\n\nlibcurl contains a heap use-after-free flaw in code related to closing\nan easy handle.\n\nWhen closing and cleaning up an 'easy' handle in the Curl_close()\nfunction, the library code first frees a struct (without nulling the\npointer) and might then subsequently erroneously write to a struct\nfield within that already freed struct.\n\nIt affects curl 7.59.0 to 7.61.1.\n\nCVE-2018-16842: warning message out-of-buffer read\n\ncurl contains a heap out of buffer read vulnerability.\n\nThe command line tool has a generic function for displaying warning\nand informational messages to stderr for various situations. For\nexample if an unknown command line argument is used, or passed to it\nin a 'config' file.\n\nThis display function formats the output to wrap at 80 columns. The\nwrap logic is however flawed, so if a single word in the message is\nitself longer than 80 bytes the buffer arithmetic calculates the\nremainder wrong and will end up reading behind the end of the buffer.\nThis could lead to information disclosure or crash.\n\nThis vulnerability could lead to a security issue if used in this or\nsimilar situations :\n\n1. a server somewhere uses the curl command line to run something\n\n2. if it fails, it shows stderr to the user\n\n3. the server takes user input for parts of its command line input\n\n4. user provides something overly long that triggers this crash\n\n5. the stderr output may now contain user memory contents that wasn't\nmeant to be available\n\nIt affects curl 7.14.1 to 7.61.1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16842.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e0ab1773-07c1-46c6-9170-4c5e81c00927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79d7317b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=7.14.1<7.60.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:01", "description": "An update of 'curl' packages of Photon OS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2018-2.0-0068 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0068.NASL", "href": "https://www.tenable.com/plugins/nessus/111954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0068. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111954);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:51\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2018-2.0-0068 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'curl' packages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-68\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eca41ecc\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000300\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"curl-7.59.0-2.ph2\",\n \"curl-debuginfo-7.59.0-2.ph2\",\n \"curl-devel-7.59.0-2.ph2\",\n \"curl-libs-7.59.0-2.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:41:21", "description": "This update for curl to version 7.60.0 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies (bsc#1092094).\n\n - CVE-2018-1000301: Prevent buffer over-read that could have cause reading data beyond the end of a heap based buffer used to store downloaded RTSP content (bsc#1092098).\n\nThese non-security issues were fixed :\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol\n\n - Add --haproxy-protocol for the command line tool\n\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses \n\n - FTP: fix typo in recursive callback detection for seeking\n\n - test1208: marked flaky\n\n - HTTP: make header-less responses still count correct body size\n\n - user-agent.d:: mention --proxy-header as well\n\n- http2: fixes typo\n\n - cleanup: misc typos in strings and comments\n\n - rate-limit: use three second window to better handle high speeds\n\n - examples/hiperfifo.c: improved\n\n - pause: when changing pause state, update socket state\n\n - curl_version_info.3: fix ssl_version description\n\n - add_handle/easy_perform: clear errorbuffer on start if set\n\n - cmake: add support for brotli\n\n - parsedate: support UT timezone\n\n - vauth/ntlm.h: fix the #ifdef header guard\n\n - lib/curl_path.h: added #ifdef header guard\n\n - vauth/cleartext: fix integer overflow check\n\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n\n - cookie.d: mention that '-' as filename means stdin\n\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n\n- http2: read pending frames (including GOAWAY) in connection-check\n\n - timeval: remove compilation warning by casting\n\n - cmake: avoid warn-as-error during config checks\n\n - travis-ci: enable -Werror for CMake builds\n\n - openldap: fix for NULL return from ldap_get_attribute_ber()\n\n - threaded resolver: track resolver time and set suitable timeout values\n\n - cmake: Add advapi32 as explicit link library for win32\n\n - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T\n\n - test1148: set a fixed locale for the test\n\n - cookies: when reading from a file, only remove_expired once\n\n - cookie: store cookies per top-level-domain-specific hash table\n\n - openssl: RESTORED verify locations when verifypeer==0\n\n - file: restore old behavior for file:////foo/bar URLs\n\n - FTP: allow PASV on IPv6 connections when a proxy is being used\n\n - build-openssl.bat: allow custom paths for VS and perl\n\n - winbuild: make the clean target work without build-type\n\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15\n\n - curl: retry on FTP 4xx, ignore other protocols\n\n - configure: detect (and use) sa_family_t\n\n - examples/sftpuploadresume: Fix Windows large file seek\n\n - build: cleanup to fix clang warnings/errors\n\n - winbuild: updated the documentation\n\n - lib: silence null-dereference warnings\n\n - travis: bump to clang 6 and gcc 7\n\n - travis: build libpsl and make builds use it\n\n - proxy: show getenv proxy use in verbose output\n\n - duphandle: make sure CURLOPT_RESOLVE is duplicated\n\n - all: Refactor malloc+memset to use calloc\n\n - checksrc: Fix typo\n\n - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection\n\n - vauth: Fix typo\n\n - ssh: show libSSH2 error code when closing fails\n\n - test1148: tolerate progress updates better\n\n - urldata: make service names unconditional\n\n - configure: keep LD_LIBRARY_PATH changes local\n\n - ntlm_sspi: fix authentication using Credential Manager\n\n - schannel: add client certificate authentication\n\n - winbuild: Support custom devel paths for each dependency\n\n - schannel: add support for CURLOPT_CAINFO\n\n- http2: handle on_begin_headers() called more than once\n\n - openssl: support OpenSSL 1.1.1 verbose-mode trace messages\n\n - openssl: fix subjectAltName check on non-ASCII platforms\n\n- http2: avoid strstr() on data not zero terminated\n\n- http2: clear the 'drain counter' when a stream is closed\n\n- http2: handle GOAWAY properly\n\n - tool_help: clarify --max-time unit of time is seconds\n\n - curl.1: clarify that options and URLs can be mixed\n\n- http2: convert an assert to run-time check\n\n - curl_global_sslset: always provide available backends\n\n - ftplistparser: keep state between invokes\n\n - Curl_memchr: zero length input can't match\n\n - examples/sftpuploadresume: typecast fseek argument to long\n\n - examples/http2-upload: expand buffer to avoid silly warning\n\n - ctype: restore character classification for non-ASCII platforms\n\n - mime: avoid NULL pointer dereference risk\n\n - cookies: ensure that we have cookies before writing jar\n\n - os400.c: fix checksrc warnings\n\n - configure: provide --with-wolfssl as an alias for\n --with-cyassl\n\n - cyassl: adapt to libraries without TLS 1.0 support built-in\n\n- http2: get rid of another strstr\n\n - checksrc: force indentation of lines after an else\n\n - cookies: remove unused macro\n\n - CURLINFO_PROTOCOL.3: mention the existing defined names\n\n - tests: provide 'manual' as a feature to optionally require\n\n - travis: enable libssh2 on both macos and Linux\n\n - CURLOPT_URL.3: added ENCODING section\n\n - wolfssl: Fix non-blocking connect\n\n - vtls: don't define MD5_DIGEST_LENGTH for wolfssl\n\n - docs: remove extraneous commas in man pages\n\n - URL: fix ASCII dependency in strcpy_url and strlen_url\n\n - ssh-libssh.c: fix left shift compiler warning\n\n - configure: only check for CA bundle for file-using SSL backends\n\n - travis: add an mbedtls build\n\n- http: don't set the 'rewind' flag when not uploading anything\n\n - configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h\n\n - transfer: don't unset writesockfd on setup of multiplexed conns\n\n - vtls: use unified 'supports' bitfield member in backends\n\n - URLs: fix one more http url\n\n - travis: add a build using WolfSSL\n\n - openssl: change FILE ops to BIO ops\n\n - travis: add build using NSS\n\n - smb: reject negative file sizes\n\n - cookies: accept parameter names as cookie name\n\n- http2: getsock fix for uploads\n\n - all over: fixed format specifiers\n\n- http2: use the correct function pointer typedef", "cvss3": {}, "published": "2018-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-589)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-589.NASL", "href": "https://www.tenable.com/plugins/nessus/110434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-589.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110434);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-589)\");\n script_summary(english:\"Check for the openSUSE-2018-589 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl to version 7.60.0 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow\n when closing down an FTP connection with very long\n server command replies (bsc#1092094).\n\n - CVE-2018-1000301: Prevent buffer over-read that could\n have cause reading data beyond the end of a heap based\n buffer used to store downloaded RTSP content\n (bsc#1092098).\n\nThese non-security issues were fixed :\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy\n PROXY protocol\n\n - Add --haproxy-protocol for the command line tool\n\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP\n addresses \n\n - FTP: fix typo in recursive callback detection for\n seeking\n\n - test1208: marked flaky\n\n - HTTP: make header-less responses still count correct\n body size\n\n - user-agent.d:: mention --proxy-header as well\n\n- http2: fixes typo\n\n - cleanup: misc typos in strings and comments\n\n - rate-limit: use three second window to better handle\n high speeds\n\n - examples/hiperfifo.c: improved\n\n - pause: when changing pause state, update socket state\n\n - curl_version_info.3: fix ssl_version description\n\n - add_handle/easy_perform: clear errorbuffer on start if\n set\n\n - cmake: add support for brotli\n\n - parsedate: support UT timezone\n\n - vauth/ntlm.h: fix the #ifdef header guard\n\n - lib/curl_path.h: added #ifdef header guard\n\n - vauth/cleartext: fix integer overflow check\n\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n\n - cookie.d: mention that '-' as filename means stdin\n\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n\n- http2: read pending frames\n (including GOAWAY) in connection-check\n\n - timeval: remove compilation warning by casting\n\n - cmake: avoid warn-as-error during config checks\n\n - travis-ci: enable -Werror for CMake builds\n\n - openldap: fix for NULL return from\n ldap_get_attribute_ber()\n\n - threaded resolver: track resolver time and set suitable\n timeout values\n\n - cmake: Add advapi32 as explicit link library for win32\n\n - docs: fix CURLINFO_*_T examples use of\n CURL_FORMAT_CURL_OFF_T\n\n - test1148: set a fixed locale for the test\n\n - cookies: when reading from a file, only remove_expired\n once\n\n - cookie: store cookies per top-level-domain-specific hash\n table\n\n - openssl: RESTORED verify locations when verifypeer==0\n\n - file: restore old behavior for file:////foo/bar URLs\n\n - FTP: allow PASV on IPv6 connections when a proxy is\n being used\n\n - build-openssl.bat: allow custom paths for VS and perl\n\n - winbuild: make the clean target work without build-type\n\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of\n VC15\n\n - curl: retry on FTP 4xx, ignore other protocols\n\n - configure: detect (and use) sa_family_t\n\n - examples/sftpuploadresume: Fix Windows large file seek\n\n - build: cleanup to fix clang warnings/errors\n\n - winbuild: updated the documentation\n\n - lib: silence null-dereference warnings\n\n - travis: bump to clang 6 and gcc 7\n\n - travis: build libpsl and make builds use it\n\n - proxy: show getenv proxy use in verbose output\n\n - duphandle: make sure CURLOPT_RESOLVE is duplicated\n\n - all: Refactor malloc+memset to use calloc\n\n - checksrc: Fix typo\n\n - system.h: Add sparcv8plus to oracle/sunpro 32-bit\n detection\n\n - vauth: Fix typo\n\n - ssh: show libSSH2 error code when closing fails\n\n - test1148: tolerate progress updates better\n\n - urldata: make service names unconditional\n\n - configure: keep LD_LIBRARY_PATH changes local\n\n - ntlm_sspi: fix authentication using Credential Manager\n\n - schannel: add client certificate authentication\n\n - winbuild: Support custom devel paths for each dependency\n\n - schannel: add support for CURLOPT_CAINFO\n\n- http2: handle on_begin_headers() called more than once\n\n - openssl: support OpenSSL 1.1.1 verbose-mode trace\n messages\n\n - openssl: fix subjectAltName check on non-ASCII platforms\n\n- http2: avoid strstr() on data not zero terminated\n\n- http2: clear the 'drain counter' when a stream is closed\n\n- http2: handle GOAWAY properly\n\n - tool_help: clarify --max-time unit of time is seconds\n\n - curl.1: clarify that options and URLs can be mixed\n\n- http2: convert an assert to run-time check\n\n - curl_global_sslset: always provide available backends\n\n - ftplistparser: keep state between invokes\n\n - Curl_memchr: zero length input can't match\n\n - examples/sftpuploadresume: typecast fseek argument to\n long\n\n - examples/http2-upload: expand buffer to avoid silly\n warning\n\n - ctype: restore character classification for non-ASCII\n platforms\n\n - mime: avoid NULL pointer dereference risk\n\n - cookies: ensure that we have cookies before writing jar\n\n - os400.c: fix checksrc warnings\n\n - configure: provide --with-wolfssl as an alias for\n --with-cyassl\n\n - cyassl: adapt to libraries without TLS 1.0 support\n built-in\n\n- http2: get rid of another strstr\n\n - checksrc: force indentation of lines after an else\n\n - cookies: remove unused macro\n\n - CURLINFO_PROTOCOL.3: mention the existing defined names\n\n - tests: provide 'manual' as a feature to optionally\n require\n\n - travis: enable libssh2 on both macos and Linux\n\n - CURLOPT_URL.3: added ENCODING section\n\n - wolfssl: Fix non-blocking connect\n\n - vtls: don't define MD5_DIGEST_LENGTH for wolfssl\n\n - docs: remove extraneous commas in man pages\n\n - URL: fix ASCII dependency in strcpy_url and strlen_url\n\n - ssh-libssh.c: fix left shift compiler warning\n\n - configure: only check for CA bundle for file-using SSL\n backends\n\n - travis: add an mbedtls build\n\n- http: don't set the 'rewind' flag when not uploading anything\n\n - configure: put CURLDEBUG and DEBUGBUILD in\n lib/curl_config.h\n\n - transfer: don't unset writesockfd on setup of\n multiplexed conns\n\n - vtls: use unified 'supports' bitfield member in backends\n\n - URLs: fix one more http url\n\n - travis: add a build using WolfSSL\n\n - openssl: change FILE ops to BIO ops\n\n - travis: add build using NSS\n\n - smb: reject negative file sizes\n\n - cookies: accept parameter names as cookie name\n\n- http2: getsock fix for uploads\n\n - all over: fixed format specifiers\n\n- http2: use the correct function pointer typedef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092098\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:02:38", "description": "This update for curl to version 7.60.0 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies (bsc#1092094).\n\n - CVE-2018-1000301: Prevent buffer over-read that could have cause reading data beyond the end of a heap based buffer used to store downloaded RTSP content (bsc#1092098).\n\nThese non-security issues were fixed :\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol\n\n - Add --haproxy-protocol for the command line tool\n\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses \n\n - FTP: fix typo in recursive callback detection for seeking\n\n - test1208: marked flaky\n\n - HTTP: make header-less responses still count correct body size\n\n - user-agent.d:: mention --proxy-header as well\n\n- http2: fixes typo\n\n - cleanup: misc typos in strings and comments\n\n - rate-limit: use three second window to better handle high speeds\n\n - examples/hiperfifo.c: improved\n\n - pause: when changing pause state, update socket state\n\n - curl_version_info.3: fix ssl_version description\n\n - add_handle/easy_perform: clear errorbuffer on start if set\n\n - cmake: add support for brotli\n\n - parsedate: support UT timezone\n\n - vauth/ntlm.h: fix the #ifdef header guard\n\n - lib/curl_path.h: added #ifdef header guard\n\n - vauth/cleartext: fix integer overflow check\n\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n\n - cookie.d: mention that '-' as filename means stdin\n\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n\n- http2: read pending frames (including GOAWAY) in connection-check\n\n - timeval: remove compilation warning by casting\n\n - cmake: avoid warn-as-error during config checks\n\n - travis-ci: enable -Werror for CMake builds\n\n - openldap: fix for NULL return from ldap_get_attribute_ber()\n\n - threaded resolver: track resolver time and set suitable timeout values\n\n - cmake: Add advapi32 as explicit link library for win32\n\n - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T\n\n - test1148: set a fixed locale for the test\n\n - cookies: when reading from a file, only remove_expired once\n\n - cookie: store cookies per top-level-domain-specific hash table\n\n - openssl: RESTORED verify locations when verifypeer==0\n\n - file: restore old behavior for file:////foo/bar URLs\n\n - FTP: allow PASV on IPv6 connections when a proxy is being used\n\n - build-openssl.bat: allow custom paths for VS and perl\n\n - winbuild: make the clean target work without build-type\n\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15\n\n - curl: retry on FTP 4xx, ignore other protocols\n\n - configure: detect (and use) sa_family_t\n\n - examples/sftpuploadresume: Fix Windows large file seek\n\n - build: cleanup to fix clang warnings/errors\n\n - winbuild: updated the documentation\n\n - lib: silence null-dereference warnings\n\n - travis: bump to clang 6 and gcc 7\n\n - travis: build libpsl and make builds use it\n\n - proxy: show getenv proxy use in verbose output\n\n - duphandle: make sure CURLOPT_RESOLVE is duplicated\n\n - all: Refactor malloc+memset to use calloc\n\n - checksrc: Fix typo\n\n - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection\n\n - vauth: Fix typo\n\n - ssh: show libSSH2 error code when closing fails\n\n - test1148: tolerate progress updates better\n\n - urldata: make service names unconditional\n\n - configure: keep LD_LIBRARY_PATH changes local\n\n - ntlm_sspi: fix authentication using Credential Manager\n\n - schannel: add client certificate authentication\n\n - winbuild: Support custom devel paths for each dependency\n\n - schannel: add support for CURLOPT_CAINFO\n\n- http2: handle on_begin_headers() called more than once\n\n - openssl: support OpenSSL 1.1.1 verbose-mode trace messages\n\n - openssl: fix subjectAltName check on non-ASCII platforms\n\n- http2: avoid strstr() on data not zero terminated\n\n- http2: clear the 'drain counter' when a stream is closed\n\n- http2: handle GOAWAY properly\n\n - tool_help: clarify --max-time unit of time is seconds\n\n - curl.1: clarify that options and URLs can be mixed\n\n- http2: convert an assert to run-time check\n\n - curl_global_sslset: always provide available backends\n\n - ftplistparser: keep state between invokes\n\n - Curl_memchr: zero length input can't match\n\n - examples/sftpuploadresume: typecast fseek argument to long\n\n - examples/http2-upload: expand buffer to avoid silly warning\n\n - ctype: restore character classification for non-ASCII platforms\n\n - mime: avoid NULL pointer dereference risk\n\n - cookies: ensure that we have cookies before writing jar\n\n - os400.c: fix checksrc warnings\n\n - configure: provide --with-wolfssl as an alias for\n --with-cyassl\n\n - cyassl: adapt to libraries without TLS 1.0 support built-in\n\n- http2: get rid of another strstr\n\n - checksrc: force indentation of lines after an else\n\n - cookies: remove unused macro\n\n - CURLINFO_PROTOCOL.3: mention the existing defined names\n\n - tests: provide 'manual' as a feature to optionally require\n\n - travis: enable libssh2 on both macos and Linux\n\n - CURLOPT_URL.3: added ENCODING section\n\n - wolfssl: Fix non-blocking connect\n\n - vtls: don't define MD5_DIGEST_LENGTH for wolfssl\n\n - docs: remove extraneous commas in man pages\n\n - URL: fix ASCII dependency in strcpy_url and strlen_url\n\n - ssh-libssh.c: fix left shift compiler warning\n\n - configure: only check for CA bundle for file-using SSL backends\n\n - travis: add an mbedtls build\n\n- http: don't set the 'rewind' flag when not uploading anything\n\n - configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h\n\n - transfer: don't unset writesockfd on setup of multiplexed conns\n\n - vtls: use unified 'supports' bitfield member in backends\n\n - URLs: fix one more http url\n\n - travis: add a build using WolfSSL\n\n - openssl: change FILE ops to BIO ops\n\n - travis: add build using NSS\n\n - smb: reject negative file sizes\n\n - cookies: accept parameter names as cookie name\n\n- http2: getsock fix for uploads\n\n - all over: fixed format specifiers\n\n- http2: use the correct function pointer typedef", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-435)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-435.NASL", "href": "https://www.tenable.com/plugins/nessus/123190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-435.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123190);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-435)\");\n script_summary(english:\"Check for the openSUSE-2019-435 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl to version 7.60.0 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow\n when closing down an FTP connection with very long\n server command replies (bsc#1092094).\n\n - CVE-2018-1000301: Prevent buffer over-read that could\n have cause reading data beyond the end of a heap based\n buffer used to store downloaded RTSP content\n (bsc#1092098).\n\nThese non-security issues were fixed :\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy\n PROXY protocol\n\n - Add --haproxy-protocol for the command line tool\n\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP\n addresses \n\n - FTP: fix typo in recursive callback detection for\n seeking\n\n - test1208: marked flaky\n\n - HTTP: make header-less responses still count correct\n body size\n\n - user-agent.d:: mention --proxy-header as well\n\n- http2: fixes typo\n\n - cleanup: misc typos in strings and comments\n\n - rate-limit: use three second window to better handle\n high speeds\n\n - examples/hiperfifo.c: improved\n\n - pause: when changing pause state, update socket state\n\n - curl_version_info.3: fix ssl_version description\n\n - add_handle/easy_perform: clear errorbuffer on start if\n set\n\n - cmake: add support for brotli\n\n - parsedate: support UT timezone\n\n - vauth/ntlm.h: fix the #ifdef header guard\n\n - lib/curl_path.h: added #ifdef header guard\n\n - vauth/cleartext: fix integer overflow check\n\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n\n - cookie.d: mention that '-' as filename means stdin\n\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n\n- http2: read pending frames\n (including GOAWAY) in connection-check\n\n - timeval: remove compilation warning by casting\n\n - cmake: avoid warn-as-error during config checks\n\n - travis-ci: enable -Werror for CMake builds\n\n - openldap: fix for NULL return from\n ldap_get_attribute_ber()\n\n - threaded resolver: track resolver time and set suitable\n timeout values\n\n - cmake: Add advapi32 as explicit link library for win32\n\n - docs: fix CURLINFO_*_T examples use of\n CURL_FORMAT_CURL_OFF_T\n\n - test1148: set a fixed locale for the test\n\n - cookies: when reading from a file, only remove_expired\n once\n\n - cookie: store cookies per top-level-domain-specific hash\n table\n\n - openssl: RESTORED verify locations when verifypeer==0\n\n - file: restore old behavior for file:////foo/bar URLs\n\n - FTP: allow PASV on IPv6 connections when a proxy is\n being used\n\n - build-openssl.bat: allow custom paths for VS and perl\n\n - winbuild: make the clean target work without build-type\n\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of\n VC15\n\n - curl: retry on FTP 4xx, ignore other protocols\n\n - configure: detect (and use) sa_family_t\n\n - examples/sftpuploadresume: Fix Windows large file seek\n\n - build: cleanup to fix clang warnings/errors\n\n - winbuild: updated the documentation\n\n - lib: silence null-dereference warnings\n\n - travis: bump to clang 6 and gcc 7\n\n - travis: build libpsl and make builds use it\n\n - proxy: show getenv proxy use in verbose output\n\n - duphandle: make sure CURLOPT_RESOLVE is duplicated\n\n - all: Refactor malloc+memset to use calloc\n\n - checksrc: Fix typo\n\n - system.h: Add sparcv8plus to oracle/sunpro 32-bit\n detection\n\n - vauth: Fix typo\n\n - ssh: show libSSH2 error code when closing fails\n\n - test1148: tolerate progress updates better\n\n - urldata: make service names unconditional\n\n - configure: keep LD_LIBRARY_PATH changes local\n\n - ntlm_sspi: fix authentication using Credential Manager\n\n - schannel: add client certificate authentication\n\n - winbuild: Support custom devel paths for each dependency\n\n - schannel: add support for CURLOPT_CAINFO\n\n- http2: handle on_begin_headers() called more than once\n\n - openssl: support OpenSSL 1.1.1 verbose-mode trace\n messages\n\n - openssl: fix subjectAltName check on non-ASCII platforms\n\n- http2: avoid strstr() on data not zero terminated\n\n- http2: clear the 'drain counter' when a stream is closed\n\n- http2: handle GOAWAY properly\n\n - tool_help: clarify --max-time unit of time is seconds\n\n - curl.1: clarify that options and URLs can be mixed\n\n- http2: convert an assert to run-time check\n\n - curl_global_sslset: always provide available backends\n\n - ftplistparser: keep state between invokes\n\n - Curl_memchr: zero length input can't match\n\n - examples/sftpuploadresume: typecast fseek argument to\n long\n\n - examples/http2-upload: expand buffer to avoid silly\n warning\n\n - ctype: restore character classification for non-ASCII\n platforms\n\n - mime: avoid NULL pointer dereference risk\n\n - cookies: ensure that we have cookies before writing jar\n\n - os400.c: fix checksrc warnings\n\n - configure: provide --with-wolfssl as an alias for\n --with-cyassl\n\n - cyassl: adapt to libraries without TLS 1.0 support\n built-in\n\n- http2: get rid of another strstr\n\n - checksrc: force indentation of lines after an else\n\n - cookies: remove unused macro\n\n - CURLINFO_PROTOCOL.3: mention the existing defined names\n\n - tests: provide 'manual' as a feature to optionally\n require\n\n - travis: enable libssh2 on both macos and Linux\n\n - CURLOPT_URL.3: added ENCODING section\n\n - wolfssl: Fix non-blocking connect\n\n - vtls: don't define MD5_DIGEST_LENGTH for wolfssl\n\n - docs: remove extraneous commas in man pages\n\n - URL: fix ASCII dependency in strcpy_url and strlen_url\n\n - ssh-libssh.c: fix left shift compiler warning\n\n - configure: only check for CA bundle for file-using SSL\n backends\n\n - travis: add an mbedtls build\n\n- http: don't set the 'rewind' flag when not uploading anything\n\n - configure: put CURLDEBUG and DEBUGBUILD in\n lib/curl_config.h\n\n - transfer: don't unset writesockfd on setup of\n multiplexed conns\n\n - vtls: use unified 'supports' bitfield member in backends\n\n - URLs: fix one more http url\n\n - travis: add a build using WolfSSL\n\n - openssl: change FILE ops to BIO ops\n\n - travis: add build using NSS\n\n - smb: reject negative file sizes\n\n - cookies: accept parameter names as cookie name\n\n- http2: getsock fix for uploads\n\n - all over: fixed format specifiers\n\n- http2: use the correct function pointer typedef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092098\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:46:10", "description": "cURL security problems :\n\nCVE-2018-1000300: FTP shutdown response buffer overflow\n\ncurl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.\n\nWhen doing FTP transfers, curl keeps a spare 'closure handle' around internally that will be used when an FTP connection gets shut down since the original curl easy handle is then already removed.\n\nFTP server response data that gets cached from the original transfer might then be larger than the default buffer size (16 KB) allocated in the 'closure handle', which can lead to a buffer overwrite. The contents and size of that overwrite is controllable by the server.\n\nThis situation was detected by an assert() in the code, but that was of course only preventing bad stuff in debug builds. This bug is very unlikely to trigger with non-malicious servers.\n\nWe are not aware of any exploit of this flaw.\n\nCVE-2018-1000301: RTSP bad headers buffer over-read\n\ncurl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content.\n\nWhen servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers to deal with those appropriately and to find the end of the headers that signal the start of the 'body' part.\n\nThe function that splits up the response into headers is called Curl_http_readwrite_headers() and in situations where it can't find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer which then later on may lead to an out of buffer read when code assumes that pointer points to a full buffer size worth of memory to use.\n\nThis could potentially lead to information leakage but most likely a crash/denial of service for applications if a server triggers this flaw.\n\nWe are not aware of any exploit of this flaw.", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-12-19T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_04FE6C8D2A344009A81EE7A7E759B5D2.NASL", "href": "https://www.tenable.com/plugins/nessus/109877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109877);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:19\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"cURL security problems :\n\nCVE-2018-1000300: FTP shutdown response buffer overflow\n\ncurl might overflow a heap based memory buffer when closing down an\nFTP connection with very long server command replies.\n\nWhen doing FTP transfers, curl keeps a spare 'closure handle' around\ninternally that will be used when an FTP connection gets shut down\nsince the original curl easy handle is then already removed.\n\nFTP server response data that gets cached from the original transfer\nmight then be larger than the default buffer size (16 KB) allocated in\nthe 'closure handle', which can lead to a buffer overwrite. The\ncontents and size of that overwrite is controllable by the server.\n\nThis situation was detected by an assert() in the code, but that was\nof course only preventing bad stuff in debug builds. This bug is very\nunlikely to trigger with non-malicious servers.\n\nWe are not aware of any exploit of this flaw.\n\nCVE-2018-1000301: RTSP bad headers buffer over-read\n\ncurl can be tricked into reading data beyond the end of a heap based\nbuffer used to store downloaded content.\n\nWhen servers send RTSP responses back to curl, the data starts out\nwith a set of headers. curl parses that data to separate it into a\nnumber of headers to deal with those appropriately and to find the end\nof the headers that signal the start of the 'body' part.\n\nThe function that splits up the response into headers is called\nCurl_http_readwrite_headers() and in situations where it can't find a\nsingle header in the buffer, it might end up leaving a pointer\npointing into the buffer instead of to the start of the buffer which\nthen later on may lead to an out of buffer read when code assumes that\npointer points to a full buffer size worth of memory to use.\n\nThis could potentially lead to information leakage but most likely a\ncrash/denial of service for applications if a server triggers this\nflaw.\n\nWe are not aware of any exploit of this flaw.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n # https://curl.haxx.se/docs/adv_2018-82c2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-1000300.html\"\n );\n # https://curl.haxx.se/docs/adv_2018-b138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-1000301.html\"\n );\n # https://vuxml.freebsd.org/freebsd/04fe6c8d-2a34-4009-a81e-e7a7e759b5d2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17f158f2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl<7.60.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:46:29", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-136-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-136-01.NASL", "href": "https://www.tenable.com/plugins/nessus/109870", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-136-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109870);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_xref(name:\"SSA\", value:\"2018-136-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-136-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.422028\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16be6a69\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.60.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:27", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated instead of the intended very huge one, which would trigger a heap buffer overflow when the buffer is used.\n\n - CVE-2018-16842 Brian Carpenter discovered that the logic in the curl tool to wrap error messages at 80 columns is flawed, leading to a read buffer overflow if a single word in the message is itself longer than 80 bytes.", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Debian DSA-4331-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16842"], "modified": "2021-04-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4331.NASL", "href": "https://www.tenable.com/plugins/nessus/118720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4331. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118720);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16842\");\n script_xref(name:\"DSA\", value:\"4331\");\n\n script_name(english:\"Debian DSA-4331-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2018-16839\n Harry Sintonen discovered that, on systems with a 32 bit\n size_t, an integer overflow would be triggered when a\n SASL user name longer than 2GB is used. This would in\n turn cause a very small buffer to be allocated instead\n of the intended very huge one, which would trigger a\n heap buffer overflow when the buffer is used.\n\n - CVE-2018-16842\n Brian Carpenter discovered that the logic in the curl\n tool to wrap error messages at 80 columns is flawed,\n leading to a read buffer overflow if a single word in\n the message is itself longer than 80 bytes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4331\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the curl packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:29:26", "description": "An update of the curl package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2019-1.0-0203", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/122015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122015);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2019-1.0-0203\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-203.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:41:30", "description": "The remote host is affected by the vulnerability described in GLSA-201806-05 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2018-06-20T00:00:00", "type": "nessus", "title": "GLSA-201806-05 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201806-05.NASL", "href": "https://www.tenable.com/plugins/nessus/110614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201806-05.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110614);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_xref(name:\"GLSA\", value:\"201806-05\");\n\n script_name(english:\"GLSA-201806-05 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201806-05\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition, obtain\n sensitive information, or have other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201806-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.60.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.60.0\"), vulnerable:make_list(\"lt 7.60.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:55:56", "description": "An update of the curl package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2018-1.0-0158", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0158_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0158. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121855);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2018-1.0-0158\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-158.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:38", "description": "An update of 'curl' packages of Photon OS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2018-1.0-0158 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0158.NASL", "href": "https://www.tenable.com/plugins/nessus/111941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0158. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111941);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2018-1.0-0158 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'curl' packages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-158\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cea49dda\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000300\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"curl-7.59.0-2.ph1\",\n \"curl-debuginfo-7.59.0-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:46:50", "description": "- fix FTP shutdown response buffer overflow (CVE-2018-1000300)\n\n - fix RTSP bad headers buffer over-read (CVE-2018-1000301)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "Fedora 27 : curl (2018-9dc7338487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-9DC7338487.NASL", "href": "https://www.tenable.com/plugins/nessus/110061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-9dc7338487.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110061);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_xref(name:\"FEDORA\", value:\"2018-9dc7338487\");\n\n script_name(english:\"Fedora 27 : curl (2018-9dc7338487)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix FTP shutdown response buffer overflow\n (CVE-2018-1000300)\n\n - fix RTSP bad headers buffer over-read (CVE-2018-1000301)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dc7338487\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-11.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:16:59", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:3608-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-04-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3608-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3608-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118729);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:3608-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16840: A use after free in closing SASL handles was fixed\n(bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183608-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00bf325c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2563=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2563=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2563=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2563=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:30:36", "description": "An update of the curl package has been released.", "cvss3": {}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2019-1.0-0205", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618", "CVE-2018-16839"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0205_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/122898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0205. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122898);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/04\");\n\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-16839\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2019-1.0-0205\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-205.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14618\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-5.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-5.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:20", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1383)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1383.NASL", "href": "https://www.tenable.com/plugins/nessus/118879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1383.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118879);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1383)\");\n script_summary(english:\"Check for the openSUSE-2018-1383 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16840: A use after free in closing SASL handles\n was fixed (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:11", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-09T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2018:3681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3681-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118854);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2018:3681-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed\n(bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183681-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f709d14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13861=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13861=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13861=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13861=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.37.0-70.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:47:15", "description": "- fix FTP shutdown response buffer overflow (CVE-2018-1000300)\n\n - fix RTSP bad headers buffer over-read (CVE-2018-1000301)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : curl (2018-fa01002d7e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-FA01002D7E.NASL", "href": "https://www.tenable.com/plugins/nessus/120931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fa01002d7e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120931);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_xref(name:\"FEDORA\", value:\"2018-fa01002d7e\");\n\n script_name(english:\"Fedora 28 : curl (2018-fa01002d7e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix FTP shutdown response buffer overflow\n (CVE-2018-1000300)\n\n - fix RTSP bad headers buffer over-read (CVE-2018-1000301)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fa01002d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-3.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:57:51", "description": "An update of the curl package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2018-2.0-0068", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0068_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0068. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121963);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2018-2.0-0068\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-68.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.59.0-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.59.0-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:41:59", "description": "Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.(CVE-2018-1000300)\n\nCurl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.(CVE-2018-1000301)", "cvss3": {}, "published": "2018-06-12T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : curl (ALAS-2018-1029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-1029.NASL", "href": "https://www.tenable.com/plugins/nessus/110446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1029.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110446);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/31 12:25:00\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_xref(name:\"ALAS\", value:\"2018-1029\");\n\n script_name(english:\"Amazon Linux 2 : curl (ALAS-2018-1029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Curl version curl 7.54.1 to and including curl 7.59.0 contains a\nCWE-122: Heap-based Buffer Overflow vulnerability in denial of service\nand more that can result in curl might overflow a heap based memory\nbuffer when closing down an FTP connection with very long server\ncommand replies.(CVE-2018-1000300)\n\nCurl version curl 7.20.0 to and including curl 7.59.0 contains a\nCWE-126: Buffer Over-read vulnerability in denial of service that can\nresult in curl can be tricked into reading data beyond the end of a\nheap based buffer used to store downloaded RTSP\ncontent.(CVE-2018-1000301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"curl-7.55.1-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.55.1-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libcurl-7.55.1-12.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libcurl-devel-7.55.1-12.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:51", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer overflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122149);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16839\",\n \"CVE-2018-16840\",\n \"CVE-2018-16842\",\n \"CVE-2018-16890\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer\noverflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response\n(bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2\n(bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c\n(bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer\noverflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16839/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16842/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16890/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3822/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3823/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190339-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?707494a7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-339=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:39:14", "description": "Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : curl vulnerabilities (USN-3648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-1000303"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3648-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3648-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109893);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000303\");\n script_xref(name:\"USN\", value:\"3648-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : curl vulnerabilities (USN-3648-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Dario Weisser discovered that curl incorrectly handled long FTP server\ncommand replies. If a user or automated system were tricked into\nconnecting to a malicious FTP server, a remote attacker could use this\nissue to cause curl to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 17.10\nand Ubuntu 18.04 LTS. (CVE-2018-1000300)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP\nresponses. If a user or automated system were tricked into connecting\nto a malicious server, a remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2018-1000301).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3648-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"curl\", pkgver:\"7.55.1-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3\", pkgver:\"7.55.1-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.55.1-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.55.1-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:10:31", "description": "The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the October 2018 CPU advisory:\n\n - A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener (curl)). The affected version is 12.2.1.3. This is a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. A successful attacks requires human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2018-1000300) \n - A denial of service (DoS) vulnerability exists in curl due to Buffer Over-read. Affected versions are from curl version 7.20.0 to curl 7.59.0. The vulnerable component can be tricked into reading data beyond the end of the heap.\n An unauthenticated attacked with network access can exploit this issue to cause the application to stop responding.\n (CVE-2018-1000301)\n\n - A buffer over-read vulnerability exists in curl that could lead to information leakage. Affected versions are from 7.20.0 to curl 7.58.0. A vulnerability in the RTSP+RTP handling code could allows an attacker to cause a denial of service or information leakage. An unauthenticated attacked with network access can exploit this vulnerability to cause a denial of service (DoS) or to leak information from the vulnerable application.\n (CVE-2018-1000122)", "cvss3": {}, "published": "2019-04-16T00:00:00", "type": "nessus", "title": "Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_OCT_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/124090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124090);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\",\n \"CVE-2018-1000300\",\n \"CVE-2018-1000301\"\n );\n script_bugtraq_id(\n 103414,\n 103415,\n 103436,\n 104207,\n 104225\n );\n\n script_name(english:\"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host is\naffected by vulnerabilities as noted in the October 2018 CPU advisory:\n\n - A vulnerability exists in the Oracle HTTP Server component\n of Oracle Fusion Middleware (subcomponent: Web Listener\n (curl)). The affected version is 12.2.1.3. This is a \n difficult to exploit vulnerability that allows an\n unauthenticated attacker with network access via HTTP to\n compromise Oracle HTTP Server. A successful attacks\n requires human interaction from a person other than the\n attacker. Successful attacks of this vulnerability can\n result in takeover of Oracle HTTP Server. (CVE-2018-1000300)\n \n - A denial of service (DoS) vulnerability exists in curl due\n to Buffer Over-read. Affected versions are from curl version\n 7.20.0 to curl 7.59.0. The vulnerable component can be\n tricked into reading data beyond the end of the heap.\n An unauthenticated attacked with network access can exploit\n this issue to cause the application to stop responding.\n (CVE-2018-1000301)\n\n - A buffer over-read vulnerability exists in curl that could lead to\n information leakage. Affected versions are from 7.20.0 to\n curl 7.58.0. A vulnerability in the RTSP+RTP handling code\n could allows an attacker to cause a denial of service or\n information leakage. An unauthenticated attacked with \n network access can exploit this vulnerability to cause\n a denial of service (DoS) or to leak information\n from the vulnerable application.\n (CVE-2018-1000122)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?705136d8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude('oracle_http_server_patch_func.inc');\n\nget_kb_item_or_exit('Oracle/OHS/Installed');\ninstall_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');\n\ninstall = branch(install_list, key:TRUE, value:TRUE);\n\npatches = make_array();\npatches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.180710', 'patch', '28281599');\n\noracle_http_server_check_vuln(\n install : install,\n min_patches : patches,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:27:27", "description": "This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2019-05-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/124580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1311.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124580);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-1311)\");\n script_summary(english:\"Check for the openSUSE-2019-1311 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-16839: Fixed a buffer overflow in the SASL\n authentication code (bsc#1112758).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131886\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T14:10:52", "description": "This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0996-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0996-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124269);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16839\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-16839: Fixed a buffer overflow in the SASL authentication\ncode (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16839/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190996-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e671724a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-996=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-996=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-996=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-996=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-996=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-996=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-996=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-996=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:25", "description": "According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1695.NASL", "href": "https://www.tenable.com/plugins/nessus/126537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126537);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16842\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1695)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1695\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d5b23d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h11\",\n \"libcurl-7.29.0-46.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:09:42", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-1090)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1090.NASL", "href": "https://www.tenable.com/plugins/nessus/123103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123103);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-14618\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-1090)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer\n overrun in the NTLM authentication code. The internal\n function Curl_ntlm_core_mk_nt_hash multiplies the\n length of the password by two (SUM) to figure out how\n large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate\n over the password and generate output into the\n allocated storage buffer. On systems with a 32 bit\n size_t, the math to calculate SUM triggers an integer\n overflow when the password length exceeds 2GB (2^31\n bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1090\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6a741c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h23\",\n \"libcurl-7.29.0-35.h23\",\n \"libcurl-devel-7.29.0-35.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:29:12", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/122374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122374);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-14618\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer\n overrun in the NTLM authentication code. The internal\n function Curl_ntlm_core_mk_nt_hash multiplies the\n length of the password by two (SUM) to figure out how\n large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate\n over the password and generate output into the\n allocated storage buffer. On systems with a 32 bit\n size_t, the math to calculate SUM triggers an integer\n overflow when the password length exceeds 2GB (2^31\n bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1047\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9062fbb7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h23\",\n \"libcurl-7.29.0-35.h23\",\n \"libcurl-devel-7.29.0-35.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:02", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has curl packages installed that are affected by a vulnerability:\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Vulnerability (NS-SA-2019-0193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0193_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/129914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0193. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129914);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-16842\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Vulnerability (NS-SA-2019-0193)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has curl packages installed that are affected by a\nvulnerability:\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service. (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0193\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL curl packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16842\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"curl-7.29.0-54.el7\",\n \"curl-debuginfo-7.29.0-54.el7\",\n \"libcurl-7.29.0-54.el7\",\n \"libcurl-devel-7.29.0-54.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"curl-7.29.0-54.el7\",\n \"curl-debuginfo-7.29.0-54.el7\",\n \"libcurl-7.29.0-54.el7\",\n \"libcurl-devel-7.29.0-54.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:30", "description": "Security Fix(es) :\n\n - curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:curl", "p-cpe:/a:fermilab:scientific_linux:curl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libcurl", "p-cpe:/a:fermilab:scientific_linux:libcurl-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_CURL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128212", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128212);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-16842\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - curl: Heap-based buffer over-read in the curl tool\n warning formatting (CVE-2018-16842)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=14090\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa18be32\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-54.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.29.0-54.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-54.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-54.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:35", "description": "- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2018-69bac0f51c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-69BAC0F51C.NASL", "href": "https://www.tenable.com/plugins/nessus/120493", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-69bac0f51c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120493);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-69bac0f51c\");\n\n script_name(english:\"Fedora 29 : curl (2018-69bac0f51c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - make the patch for CVE-2018-16842 apply properly\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-69bac0f51c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-5.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:59", "description": "It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-11-02T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : curl vulnerability (USN-3765-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3765-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154827", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3765-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(154827);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"USN\", value:\"3765-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : curl vulnerability (USN-3765-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that curl incorrectly handled certain inputs. An\nattacker could possibly use this to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3765-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14618\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:06", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2018-09-06T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2019-01-22T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-249-01.NASL", "href": "https://www.tenable.com/plugins/nessus/117325", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-249-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117325);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/22 10:20:45\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"SSA\", value:\"2018-249-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.417221\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f79b2a53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.61.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:47", "description": "This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-09-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1008.NASL", "href": "https://www.tenable.com/plugins/nessus/117520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1008.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117520);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1008)\");\n script_summary(english:\"Check for the openSUSE-2018-1008 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM\n authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Fixed erroneous debug message when paired with OpenSSL\n (bsc#1089533)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:47", "description": "This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2018-09-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/117521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1010.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117521);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1010)\");\n script_summary(english:\"Check for the openSUSE-2018-1010 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM\n authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Use OPENSSL_config instead of CONF_modules_load_file()\n to avoid crashes due to openssl engines conflicts\n (bsc#1086367)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:10", "description": "This update for curl fixes the following issues :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-17T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2018:2717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117529);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2018:2717-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication\ncode (bsc#1106019).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14618/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182717-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ca5ce0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13776=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13776=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13776=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13776=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.37.0-70.33.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.37.0-70.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:28", "description": "This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:2715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2715-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117527);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:2715-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication\ncode (bsc#1106019)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14618/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182715-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb4d7d72\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1903=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1903=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1903=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1903=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T15:51:14", "description": "It was discovered that there was a an integer overflow vulnerability in curl, a command line tool for transferring data over HTTP, etc.\n\nFor more information, please see :\n\n<https://curl.haxx.se/docs/CVE-2018-14618.html>\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version 7.38.0-4+deb8u12.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "nessus", "title": "Debian DLA-1498-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-doc", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1498.NASL", "href": "https://www.tenable.com/plugins/nessus/117366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1498-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117366);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-1498-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a an integer overflow vulnerability\nin curl, a command line tool for transferring data over HTTP, etc.\n\nFor more information, please see :\n\n<https://curl.haxx.se/docs/CVE-2018-14618.html>\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u12.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-14618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:14", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1021.NASL", "href": "https://www.tenable.com/plugins/nessus/122168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122168);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-14618\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1021)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - curl before version 7.61.1 is vulnerable to a buffer\n overrun in the NTLM authentication code. The internal\n function Curl_ntlm_core_mk_nt_hash multiplies the\n length of the password by two (SUM) to figure out how\n large temporary storage area to allocate from the heap.\n The length value is then subsequently used to iterate\n over the password and generate output into the\n allocated storage buffer. On systems with a 32 bit\n size_t, the math to calculate SUM triggers an integer\n overflow when the password length exceeds 2GB (2^31\n bytes).(CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5aee7740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h10.eulerosv2r7\",\n \"libcurl-7.29.0-46.h10.eulerosv2r7\",\n \"libcurl-devel-7.29.0-46.h10.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:38", "description": "This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2714-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-03-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2714-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2714-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120099);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/18\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2714-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\nCVE-2018-14618: Prevent integer overflow in the NTLM authentication\ncode (bsc#1106019)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14618/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182714-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f446e5d1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1904=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:32", "description": "- fix NTLM password overflow via integer overflow (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : curl (2018-111044d435)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-111044D435.NASL", "href": "https://www.tenable.com/plugins/nessus/120239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-111044d435.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120239);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"FEDORA\", value:\"2018-111044d435\");\n\n script_name(english:\"Fedora 28 : curl (2018-111044d435)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM password overflow via integer overflow\n (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-111044d435\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-7.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:03", "description": "- fix NTLM password overflow via integer overflow (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2018-7f83032de6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-7F83032DE6.NASL", "href": "https://www.tenable.com/plugins/nessus/120567", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7f83032de6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120567);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"FEDORA\", value:\"2018-7f83032de6\");\n\n script_name(english:\"Fedora 29 : curl (2018-7f83032de6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM password overflow via integer overflow\n (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7f83032de6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:06", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "CentOS 7 : curl (CESA-2019:1880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1880.NASL", "href": "https://www.tenable.com/plugins/nessus/127470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1880 and \n# CentOS Errata and Security Advisory 2019:1880 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127470);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"RHSA\", value:\"2019:1880\");\n\n script_name(english:\"CentOS 7 : curl (CESA-2019:1880)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023377.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe980d88\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14618\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"curl-7.29.0-51.el7_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-51.el7_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-51.el7_6.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:00", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2018:1478-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000301"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1478-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110260);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1000301\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2018:1478-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-1000301: Fixed a buffer over-read caused by bad\n RTSP headers (bsc#1092098)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000301/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181478-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04215a6a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13633=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13633=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13633=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13633=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.37.0-70.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.37.0-70.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:49", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : curl (RHSA-2019:2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/127693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2181. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127693);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-16842\");\n script_xref(name:\"RHSA\", value:\"2019:2181\");\n\n script_name(english:\"RHEL 7 : curl (RHSA-2019:2181)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: Heap-based buffer over-read in the curl tool warning\nformatting (CVE-2018-16842)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2181\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"curl-7.29.0-54.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-54.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"curl-debuginfo-7.29.0-54.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-7.29.0-54.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-devel-7.29.0-54.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:19", "description": "According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.i1/4^CVE-2018-16842i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:2.5.3", "p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl"], "id": "EULEROS_SA-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/123737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123737);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16842\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1269)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.i1/4^CVE-2018-16842i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7f11c81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h31\",\n \"libcurl-7.29.0-35.h31\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:05", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has curl packages installed that are affected by a vulnerability:\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : curl Vulnerability (NS-SA-2019-0235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0235_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/132470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0235. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132470);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-16842\");\n script_bugtraq_id(106379);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : curl Vulnerability (NS-SA-2019-0235)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has curl packages installed that are affected by a\nvulnerability:\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service. (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0235\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL curl packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16842\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"curl-7.29.0-54.el7\",\n \"curl-debuginfo-7.29.0-54.el7\",\n \"libcurl-7.29.0-54.el7\",\n \"libcurl-devel-7.29.0-54.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"curl-7.29.0-54.el7\",\n \"curl-debuginfo-7.29.0-54.el7\",\n \"libcurl-7.29.0-54.el7\",\n \"libcurl-devel-7.29.0-54.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T18:07:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2181 advisory.\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.\n (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : curl (ELSA-2019-2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel"], "id": "ORACLELINUX_ELSA-2019-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/180832", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-2181.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180832);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2018-16842\");\n\n script_name(english:\"Oracle Linux 7 : curl (ELSA-2019-2181)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-2181 advisory.\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the\n tool_msgs.c:voutf() function that may result in information exposure and denial of service.\n (CVE-2018-16842)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-2181.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl, libcurl and / or libcurl-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16842\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'curl-7.29.0-54.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.29.0-54.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.29.0-54.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.29.0-54.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.29.0-54.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.29.0-54.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.29.0-54.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.29.0-54.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:57", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : curl (CESA-2019:2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/128372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2181 and \n# CentOS Errata and Security Advisory 2019:2181 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128372);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-16842\");\n script_xref(name:\"RHSA\", value:\"2019:2181\");\n\n script_name(english:\"CentOS 7 : curl (CESA-2019:2181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: Heap-based buffer over-read in the curl tool warning\nformatting (CVE-2018-16842)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005842.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57ba34f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16842\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"curl-7.29.0-54.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-54.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-54.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:43", "description": "- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : curl (2018-298a3d2923)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-298A3D2923.NASL", "href": "https://www.tenable.com/plugins/nessus/120310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-298a3d2923.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120310);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-298a3d2923\");\n\n script_name(english:\"Fedora 28 : curl (2018-298a3d2923)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - make the patch for CVE-2018-16842 apply properly\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-298a3d2923\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-9.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:35", "description": "It was discovered that there was an issue in the curl a command-line tool for downloading (eg.) data over HTTP.\n\ncurl could have be tricked into reading data beyond the end of a heap based buffer used to store downloaded content.\n\nFor more information, please see upstream's advisory at :\n\nhttps://curl.haxx.se/docs/adv_2018-b138.html\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version 7.26.0-1+wheezy25+deb7u1.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "nessus", "title": "Debian DLA-1379-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000301"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1379.NASL", "href": "https://www.tenable.com/plugins/nessus/109872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1379-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109872);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1000301\");\n\n script_name(english:\"Debian DLA-1379-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was an issue in the curl a command-line\ntool for downloading (eg.) data over HTTP.\n\ncurl could have be tricked into reading data beyond the end of a heap\nbased buffer used to store downloaded content.\n\nFor more information, please see upstream's advisory at :\n\nhttps://curl.haxx.se/docs/adv_2018-b138.html\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version\n7.26.0-1+wheezy25+deb7u1.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://curl.haxx.se/docs/adv_2018-b138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-1000301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy25+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:20:48", "description": "OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.", "cvss3": {}, "published": "2018-05-18T00:00:00", "type": "nessus", "title": "Debian DSA-4202-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000301"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4202.NASL", "href": "https://www.tenable.com/plugins/nessus/109901", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4202. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109901);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\"CVE-2018-1000301\");\n script_xref(name:\"DSA\", value:\"4202\");\n\n script_name(english:\"Debian DSA-4202-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL\ntransfer library, could be tricked into reading data beyond the end of\na heap based buffer when parsing invalid headers in an RTSP response.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4202\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:33", "description": "Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems.\n\nSee https://curl.haxx.se/docs/CVE-2018-14618.html for more information.", "cvss3": {}, "published": "2018-09-06T00:00:00", "type": "nessus", "title": "Debian DSA-4286-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2019-01-22T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4286.NASL", "href": "https://www.tenable.com/plugins/nessus/117298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4286. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117298);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/22 10:20:44\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"DSA\", value:\"4286\");\n\n script_name(english:\"Debian DSA-4286-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zhaoyang Wu discovered that cURL, an URL transfer library, contains a\nbuffer overflow in the NTLM authentication code triggered by passwords\nthat exceed 2GB in length on 32bit systems.\n\nSee https://curl.haxx.se/docs/CVE-2018-14618.html for more\ninformation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-14618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4286\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:11", "description": "- fix NTLM password overflow via integer overflow (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-21T00:00:00", "type": "nessus", "title": "Fedora 27 : curl (2018-ba443bcb6d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-BA443BCB6D.NASL", "href": "https://www.tenable.com/plugins/nessus/117622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ba443bcb6d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117622);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"FEDORA\", value:\"2018-ba443bcb6d\");\n\n script_name(english:\"Fedora 27 : curl (2018-ba443bcb6d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM password overflow via integer overflow\n (CVE-2018-14618)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba443bcb6d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-14.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:45", "description": "From Red Hat Security Advisory 2019:1880 :\n\nAn update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : curl (ELSA-2019-1880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1880.NASL", "href": "https://www.tenable.com/plugins/nessus/127604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1880 and \n# Oracle Linux Security Advisory ELSA-2019-1880 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127604);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"RHSA\", value:\"2019:1880\");\n\n script_name(english:\"Oracle Linux 7 : curl (ELSA-2019-1880)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1880 :\n\nAn update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008931.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-51.0.1.el7_6.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-51.0.1.el7_6.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-51.0.1.el7_6.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:08:40", "description": "This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-694.NASL", "href": "https://www.tenable.com/plugins/nessus/123302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-694.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123302);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-14618\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-694)\");\n script_summary(english:\"Check for the openSUSE-2019-694 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nThis security issue was fixed :\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM\n authentication code (bsc#1106019)\n\nThis non-security issue was fixed :\n\n - Use OPENSSL_config instead of CONF_modules_load_file()\n to avoid crashes due to openssl engines conflicts\n (bsc#1086367)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106019\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:47", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : curl (RHSA-2019:1880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1880.NASL", "href": "https://www.tenable.com/plugins/nessus/127619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1880. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127619);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-14618\");\n script_xref(name:\"RHSA\", value:\"2019:1880\");\n\n script_name(english:\"RHEL 7 : curl (RHSA-2019:1880)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14618\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1880\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"curl-7.29.0-51.el7_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-51.el7_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"curl-debuginfo-7.29.0-51.el7_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-7.29.0-51.el7_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-devel-7.29.0-51.el7_6.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "altlinux": [{"lastseen": "2023-05-07T11:55:50", "description": "Oct. 31, 2018 Anton Farygin 7.62.0-alt1\n \n \n - 7.62.0 \n - fixes:\n * CVE-2018-16839 - buffer overrun in the SASL authentication code. \n * CVE-2018-16840 - use-after-free in handle close\n * CVE-2018-16842 - warning message out-of-buffer read\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 8 package curl version 7.62.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-10-31T00:00:00", "id": "BD277C38BD959EF105376FC265DD7615", "href": "https://packages.altlinux.org/en/p8/srpms/curl/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:55:58", "description": "May 16, 2018 Anton Farygin 7.60.0-alt1\n \n \n - 7.60.0 \n - fixes:\n * CVE-2018-1000300 FTP shutdown response buffer overflow\n * CVE-2018-1000301 RTSP bad headers buffer over-read\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-16T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 8 package curl version 7.60.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-05-16T00:00:00", "id": "D07976AB3A62F384DD30387D16CD69E1", "href": "https://packages.altlinux.org/en/p8/srpms/curl/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:55:55", "description": "Sept. 9, 2018 Anton Farygin 7.61.1-alt1\n \n \n - 7.61.1 (fixes: CVE-2018-14618)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-09T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 8 package curl version 7.61.1-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618"], "modified": "2018-09-09T00:00:00", "id": "D02C938038C7702F005F26F9B9B5FDB1", "href": "https://packages.altlinux.org/en/p8/srpms/curl/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2023-06-23T15:15:05", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nHarry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842)\n\nCVEs contained in this USN include: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.54\n * 3541.x versions prior to 3541.59\n * 3468.x versions prior to 3468.86\n * 3445.x versions prior to 3445.81\n * 3421.x versions prior to 3421.98\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.5\n * 97.x versions prior to 97.31\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.245.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.34.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.54\n * Upgrade 3541.x versions to 3541.59\n * Upgrade 3468.x versions to 3468.86\n * Upgrade 3445.x versions to 3445.81\n * Upgrade 3421.x versions to 3421.98\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.5\n * Upgrade 97.x versions to 97.31\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.245.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.34.0 or later.\n\n# References\n\n * [USN-3805-1](<https://usn.ubuntu.com/3805-1>)\n * [CVE-2018-16839](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16839>)\n * [CVE-2018-16840](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16840>)\n * [CVE-2018-16842](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16842>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-20T00:00:00", "type": "cloudfoundry", "title": "USN-3805-1: curl vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-11-20T00:00:00", "id": "CFOUNDRY:DD23A5B6758E6355A1168BA51E212098", "href": "https://www.cloudfoundry.org/blog/usn-3805-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T15:16:38", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nDario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.62\n * 3421.x versions prior to 3421.60\n * 3445.x versions prior to 3445.46\n * 3468.x versions prior to 3468.44\n * 3541.x versions prior to 3541.26\n * 3586.x versions prior to 3586.16\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.208.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.62\n * Upgrade 3421.x versions to 3421.60\n * Upgrade 3445.x versions to 3445.46\n * Upgrade 3468.x versions to 3468.44\n * Upgrade 3541.x versions to 3541.26\n * Upgrade 3586.x versions to 3586.16\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.208.0 or later.\n\n# References\n\n * [USN-3648-1](<https://usn.ubuntu.com/3648-1/>)\n * [CVE-2018-1000300](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000300>)\n * [CVE-2018-1000301](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000301>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-05T00:00:00", "type": "cloudfoundry", "title": "USN-3648-1: curl vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-06-05T00:00:00", "id": "CFOUNDRY:97EB3379D0DD4B152E47A9C87B3EEA3D", "href": "https://www.cloudfoundry.org/blog/usn-3648-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T15:15:38", "description": "# \n\n# Severity\n\nMedium\n\n# Vendo\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2018-14618\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.43\n * 3541.x versions prior to 3541.49\n * 3468.x versions prior to 3468.71\n * 3445.x versions prior to 3445.68\n * 3421.x versions prior to 3421.83\n * 3363.x versions prior to 3363.76\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 97.x versions prior to 97.18\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.237.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.24.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.43\n * Upgrade 3541.x versions to 3541.49\n * Upgrade 3468.x versions to 3468.71\n * Upgrade 3445.x versions to 3445.68\n * Upgrade 3421.x versions to 3421.83\n * Upgrade 3363.x versions to 3363.76\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 97.x versions to 97.18\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.237.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.24.0 or later.\n\n# References\n\n * [USN-3765-1](<https://usn.ubuntu.com/3765-1>)\n * [CVE-2018-14618](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14618>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-27T00:00:00", "type": "cloudfoundry", "title": "USN-3765-1: curl vulnerability | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618"], "modified": "2018-09-27T00:00:00", "id": "CFOUNDRY:7D5B2783B5DBD6FBD3B5B832351DF6B3", "href": "https://www.cloudfoundry.org/blog/usn-3765-1/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-11-10T02:37:49", "description": "This update for curl fixes the following issues:\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed\n which could lead to crashes (bsc#1112758)\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which\n could lead to crashes (bsc#1112758)\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:22:19", "type": "suse", "title": "Security update for curl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2018-11-10T00:22:19", "id": "OPENSUSE-SU-2018:3706-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00012.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-06-09T17:30:55", "description": "This update for curl to version 7.60.0 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down\n an FTP connection with very long server command replies (bsc#1092094).\n - CVE-2018-1000301: Prevent buffer over-read that could have cause reading\n data beyond the end of a heap based buffer used to store downloaded RTSP\n content (bsc#1092098).\n\n These non-security issues were fixed:\n\n - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol\n - Add --haproxy-protocol for the command line tool\n - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses\n - FTP: fix typo in recursive callback detection for seeking\n - test1208: marked flaky\n - HTTP: make header-less responses still count correct body size\n - user-agent.d:: mention --proxy-header as well\n - http2: fixes typo\n - cleanup: misc typos in strings and comments\n - rate-limit: use three second window to better handle high speeds\n - examples/hiperfifo.c: improved\n - pause: when changing pause state, update socket state\n - curl_version_info.3: fix ssl_version description\n - add_handle/easy_perform: clear errorbuffer on start if set\n - cmake: add support for brotli\n - parsedate: support UT timezone\n - vauth/ntlm.h: fix the #ifdef header guard\n - lib/curl_path.h: added #ifdef header guard\n - vauth/cleartext: fix integer overflow check\n - CURLINFO_COOKIELIST.3: made the example not leak memory\n - cookie.d: mention that &quot;-&quot; as filename means stdin\n - CURLINFO_SSL_VERIFYRESULT.3: fixed the example\n - http2: read pending frames (including GOAWAY) in connection-check\n - timeval: remove compilation warning by casting\n - cmake: avoid warn-as-error during config checks\n - travis-ci: enable -Werror for CMake builds\n - openldap: fix for NULL return from ldap_get_attribute_ber()\n - threaded resolver: track resolver time and set suitable timeout values\n - cmake: Add advapi32 as explicit link library for win32\n - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T\n - test1148: set a fixed locale for the test\n - cookies: when reading from a file, only remove_expired once\n - cookie: store cookies per top-level-domain-specific hash table\n - openssl: RESTORED verify locations when verifypeer==0\n - file: restore old behavior for file:////foo/bar URLs\n - FTP: allow PASV on IPv6 connections when a proxy is being used\n - build-openssl.bat: allow custom paths for VS and perl\n - winbuild: make the clean target work without build-type\n - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15\n - curl: retry on FTP 4xx, ignore other protocols\n - configure: detect (and use) sa_family_t\n - examples/sftpuploadresume: Fix Windows large file seek\n - build: cleanup to fix clang warnings/errors\n - winbuild: updated the documentation\n - lib: silence null-dereference warnings\n - travis: bump to clang 6 and gcc 7\n - travis: build libpsl and make builds use it\n - proxy: show getenv proxy use in verbose output\n - duphandle: make sure CURLOPT_RESOLVE is duplicated\n - all: Refactor malloc+memset to use calloc\n - checksrc: Fix typo\n - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection\n - vauth: Fix typo\n - ssh: show libSSH2 error code when closing fails\n - test1148: tolerate progress updates better\n - urldata: make service names unconditional\n - configure: keep LD_LIBRARY_PATH changes local\n - ntlm_sspi: fix authentication using Credential Manager\n - schannel: add client certificate authentication\n - winbuild: Support custom devel paths for each dependency\n - schannel: add support for CURLOPT_CAINFO\n - http2: handle on_begin_headers() called more than once\n - openssl: support OpenSSL 1.1.1 verbose-mode trace messages\n - openssl: fix subjectAltName check on non-ASCII platforms\n - http2: avoid strstr() on data not zero terminated\n - http2: clear the &quot;drain counter&quot; when a stream is closed\n - http2: handle GOAWAY properly\n - tool_help: clarify --max-time unit of time is seconds\n - curl.1: clarify that options and URLs can be mixed\n - http2: convert an assert to run-time check\n - curl_global_sslset: always provide available backends\n - ftplistparser: keep state between invokes\n - Curl_memchr: zero length input can't match\n - examples/sftpuploadresume: typecast fseek argument to long\n - examples/http2-upload: expand buffer to avoid silly warning\n - ctype: restore character classification for non-ASCII platforms\n - mime: avoid NULL pointer dereference risk\n - cookies: ensure that we have cookies before writing jar\n - os400.c: fix checksrc warnings\n - configure: provide --with-wolfssl as an alias for --with-cyassl\n - cyassl: adapt to libraries without TLS 1.0 support built-in\n - http2: get rid of another strstr\n - checksrc: force indentation of lines after an else\n - cookies: remove unused macro\n - CURLINFO_PROTOCOL.3: mention the existing defined names\n - tests: provide 'manual' as a feature to optionally require\n - travis: enable libssh2 on both macos and Linux\n - CURLOPT_URL.3: added ENCODING section\n - wolfssl: Fix non-blocking connect\n - vtls: don't define MD5_DIGEST_LENGTH for wolfssl\n - docs: remove extraneous commas in man pages\n - URL: fix ASCII dependency in strcpy_url and strlen_url\n - ssh-libssh.c: fix left shift compiler warning\n - configure: only check for CA bundle for file-using SSL backends\n - travis: add an mbedtls build\n - http: don't set the &quot;rewind&quot; flag when not uploading anything\n - configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h\n - transfer: don't unset writesockfd on setup of multiplexed conns\n - vtls: use unified &quot;supports&quot; bitfield member in backends\n - URLs: fix one more http url\n - travis: add a build using WolfSSL\n - openssl: change FILE ops to BIO ops\n - travis: add build using NSS\n - smb: reject negative file sizes\n - cookies: accept parameter names as cookie name\n - http2: getsock fix for uploads\n - all over: fixed format specifiers\n - http2: use the correct function pointer typedef\n\n", "cvss3": {}, "published": "2018-06-09T15:09:49", "type": "suse", "title": "Security update for curl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-1000300", "CVE-2018-1000301"], "modified": "2018-06-09T15:09:49", "id": "OPENSUSE-SU-2018:1624-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00015.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-10T02:37:48", "description": "This update for curl fixes the following issues:\n\n - CVE-2018-16840: A use after free in closing SASL handles was fixed\n (bsc#1112758)\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:16:25", "type": "suse", "title": "Security update for curl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2018-11-10T00:16:25", "id": "OPENSUSE-SU-2018:3699-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-15T17:51:03", "description": "This update for curl fixes the following issues:\n\n This security issue was fixed:\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code\n (bsc#1106019)\n\n This non-security issue was fixed:\n\n - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-09-15T15:15:01", "type": "suse", "title": "Security update for curl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2018-09-15T15:15:01", "id": "OPENSUSE-SU-2018:2736-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00033.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-15T17:51:03", "description": "This update for curl fixes the following issues:\n\n This security issue was fixed:\n\n - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code\n (bsc#1106019)\n\n This non-security issue was fixed:\n\n - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes\n due to openssl engines conflicts (bsc#1086367)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-09-15T15:12:20", "type": "suse", "title": "Security update for curl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-14618"], "modified": "2018-09-15T15:12:20", "id": "OPENSUSE-SU-2018:2731-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00030.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2023-06-23T14:59:02", "description": "**Issue Overview:**\n\nA heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. (CVE-2018-16840)\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. (CVE-2018-16839)\n\nCurl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 libcurl-devel-7.53.1-16.86.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.53.1-16.86.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-7.53.1-16.86.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.53.1-16.86.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.53.1-16.86.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libcurl-7.53.1-16.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.53.1-16.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-7.53.1-16.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.53.1-16.86.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-16839](<https://access.redhat.com/security/cve/CVE-2018-16839>), [CVE-2018-16840](<https://access.redhat.com/security/cve/CVE-2018-16840>), [CVE-2018-16842](<https://access.redhat.com/security/cve/CVE-2018-16842>)\n\nMitre: [CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>), [CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>), [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-21T23:46:00", "type": "amazon", "title": "Low: curl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": &quo