CVE-2018-16890 PoC — Haxx libcurl 缓冲区错误漏洞

Source

https://github.com/michelleamesquita/CVE-2018-16890

Associated Vulnerability

Title:Haxx libcurl 缓冲区错误漏洞 (CVE-2018-16890)
Description:Haxx libcurl是瑞典Haxx公司的一筐开源的客户端URL传输库。该产品支持FTP、SFTP、TFTP和HTTP等协议。 Haxx libcurl 7.36.0版本至7.64.0版本中的‘lib / vauth / ntlm.c：ntlm_decode_type2_target’函数存在越界读取漏洞，该漏洞源于用于处理传入的NTLM Type-2消息的函数没有正确验证传入的数据。远程攻击者可利用该漏洞获取敏感信息或造成拒绝服务。

Description

CVE-2018-16890

Readme

# CVE-2018-16890

An out-of-bounds read flaw was found in the way curl handled NTLMv2 type-2 headers. When connecting to a remote malicious server which uses NTLM authentication, the flaw could cause curl to crash.

A simple script to check your curl.

File Snapshot


 [4.0K]  /data/pocs/55663a7c714179217b051d6e0a61075fa2f597b2
├── [1.2K]  check_ntlm_server.py
├── [ 34K]  LICENSE
└── [ 252]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!