[ASA-201811-5] libcurl-compat: arbitrary code execution
foxboron at archlinux.org
Sat Nov 10 21:22:28 UTC 2018
Arch Linux Security Advisory ASA-201811-5
Date : 2018-11-06
CVE-ID : CVE-2018-16840
Package : libcurl-compat
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-800
The package libcurl-compat before version 7.62.0-1 is vulnerable to
arbitrary code execution.
Upgrade to 7.62.0-1.
# pacman -Syu "libcurl-compat>=7.62.0-1"
The problem has been fixed upstream in version 7.62.0.
A heap use-after-free flaw was found in curl versions from 7.59.0
through 7.61.1 in the code related to closing an easy handle. When
closing and cleaning up an 'easy' handle in the `Curl_close()`
function, the library code first frees a struct (without nulling the
pointer) and might then subsequently erroneously write to a struct
field within that already freed struct.
A malicious remote server might be able to execute arbitrary commands
by closing the connection from a client using easy handlers.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security