CURL-CVE-2018-16839 SASL password overflow via integer overflow
libcurl contains a buffer overrun in the SASL authentication code. The internal function Curlauthcreateplainmessage fails to correctly verify that the passed in lengths for name and password are not too long, then calculates a buffer size to allocate. On systems with a 32-bit sizet, the math to...