Home

CVE-2018-16840

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an easy handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.244

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-16839,CVE-2018-16840,CVE-2018-16842 are affected in Curl For Windows 7.61.1Windows
Vulnerabilities CVE-2018-16842,CVE-2018-16840,CVE-2018-16839 are fixed in Curl For Windows 7.62.0Windows
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-debuginfo-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-debugsource-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-32bit-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-debuginfo-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3608-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-debuginfo-32bit-7.37.0-37.31.1.x86_64.rpmLinux
SUSE-SU-2018:3681-1(SUSE Linux Enterprise Server 11-SP4 ) curl-7.37.0-70.38.1.i586.rpmLinux
SUSE-SU-2018:3681-1(SUSE Linux Enterprise Server 11-SP4 ) curl-7.37.0-70.38.1.x86_64.rpmLinux
SUSE-SU-2018:3681-1(SUSE Linux Enterprise Server 11-SP4 ) libcurl4-7.37.0-70.38.1.i586.rpmLinux
SUSE-SU-2018:3681-1(SUSE Linux Enterprise Server 11-SP4 ) libcurl4-7.37.0-70.38.1.x86_64.rpmLinux
SUSE-SU-2018:3681-1(SUSE Linux Enterprise Server 11-SP4 ) libcurl4-32bit-7.37.0-70.38.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) curl-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) curl-debuginfo-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) curl-debugsource-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) libcurl4-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) libcurl4-32bit-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) libcurl4-debuginfo-7.60.0-4.3.1.x86_64.rpmLinux
SUSE-SU-2019:0339-1(SUSE Linux Enterprise Desktop 12-SP4 ) libcurl4-debuginfo-32bit-7.60.0-4.3.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234