Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Haxx libcurl 缓冲区错误漏洞
Vulnerability Description
Haxx libcurl是瑞典Haxx公司的一筐开源的客户端URL传输库。该产品支持FTP、SFTP、TFTP和HTTP等协议。 libcurl 7.36.0版本至7.64.0版本中的‘lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message’函数存在基于堆栈的缓冲区溢出漏洞。远程攻击者可利用该漏洞造成拒绝服务或可能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A