Your submission was sent successfully! Close

CVE-2017-8816

Published: 29 November 2017

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
artful
Released (7.55.1-1ubuntu2.2)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial
Released (7.47.0-1ubuntu2.5)
zesty
Released (7.52.1-4ubuntu1.4)