CVE-2017-8816
Description
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
Risk Information
Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.438
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-8816, CVE-2017-8817 affect Curl For Windows 7.54.1 | Windows |
| Vulnerabilities CVE-2017-8818, CVE-2017-8817, CVE-2017-8816 are fixed in Curl For Windows 7.57.0 | Windows |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo Update | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) curl_7.52.1-4ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) curl_7.52.1-4ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3_7.52.1-4ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3_7.52.1-4ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-nss_7.52.1-4ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-nss_7.52.1-4ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-gnutls_7.52.1-4ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-gnutls_7.52.1-4ubuntu1.4_amd64.deb | Linux |
| curl security update (DSA-4051-1) curl_7.38.0-4+deb8u8_i386.deb | Linux |
| curl security update (DSA-4051-1) curl_7.38.0-4+deb8u8_amd64.deb | Linux |
| curl security update (DSA-4051-1) curl_7.52.1-5+deb9u3_i386.deb | Linux |
| curl security update (DSA-4051-1) curl_7.52.1-5+deb9u3_amd64.deb | Linux |
| Integer Overflow or Wraparound Vulnerability (CVE-2017-8816) | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |