CVE-2018-16840

moderate-risk

Published 2018-10-31

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 196677150f711a96c38ed123e621f1d4e995b2e5, 81d135d67155c5295b1033679c606165d4e28f3f

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Curl

Ubuntu Linux

Affected Vendors

Canonical Haxx

References (12)

Third Party Advisory http://www.securitytracker.com/id/1042013

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840

Patch https://curl.haxx.se/docs/CVE-2018-16840.html

Patch https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f

Third Party Advisory https://security.gentoo.org/glsa/201903-03

Third Party Advisory https://usn.ubuntu.com/3805-1/

Third Party Advisory http://www.securitytracker.com/id/1042013

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840

Patch https://curl.haxx.se/docs/CVE-2018-16840.html

Patch https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f

Third Party Advisory https://security.gentoo.org/glsa/201903-03

Third Party Advisory https://usn.ubuntu.com/3805-1/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 12/34 · Low