194 matches found
CVE-2019-13565
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...
[ASA-201907-1] irssi: arbitrary code execution
Arch Linux Security Advisory ASA-201907-1 ========================================= Severity: High Date : 2019-07-01 CVE-ID : CVE-2019-13045 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-999 Summary ======= The package irssi before version...
curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
EulerOS Virtualization for ARM 64 3.0.1.0 : memcached (EulerOS-SA-2019-1396)
According to the versions of the memcached package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An...
openSUSE Security Update : curl (openSUSE-2019-1311)
This update for curl fixes the following issues : Security issue fixed : - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)
This update for curl fixes the following issues : Security issue fixed : CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2019:0996-1 Security update for curl
This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758...
Amazon Linux AMI : curl (ALAS-2019-1148)
A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct field within that...
Low: curl
Issue Overview: A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct fiel...
Privilege Escalation
389-ds-base is vulnerable to privilege escalation attacks. The vulnerability exists as the SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bi...
USN-3805-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a...
[ASA-201811-9] lib32-curl: arbitrary code execution
Arch Linux Security Advisory ASA-201811-9 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-796 Summary ======= The package...
Haxx curl buffer overflow vulnerability (CNVD-2019-35853)
Haxx curl is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. The tool supports file uploads and downloads and includes a libcurl client-side URL transfer library for program development. A buffer overflow vulnerability exists in the...
Buffer overflow
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
ALPINE-CVE-2018-16839
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
CVE-2018-16839
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
CVE-2018-16839
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
CVE-2018-16839
Curl/libcurl versions 7.33.0–7.61.1 are vulnerable to a SASL authentication buffer overrun that may trigger a denial of service. Root cause: improper handling in the SASL code leads to overrun/overflow. Impact: denial of service; no explicit exploit details provided here. Remediation: upgrade to ...
USN-3805-1 curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-16839 Brian Carpenter discovered that curl incorrectly handled memory when...
CURL-CVE-2018-16839 SASL password overflow via integer overflow
libcurl contains a buffer overrun in the SASL authentication code. The internal function Curlauthcreateplainmessage fails to correctly verify that the passed in lengths for name and password are not too long, then calculates a buffer size to allocate. On systems with a 32-bit sizet, the math to...