CVE-2018-14618
Description
A heap buffer overflow in curl's NTLM authentication, triggered by an integer overflow when hashing passwords over 2GB on 32-bit systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap buffer overflow in curl's NTLM authentication, triggered by an integer overflow when hashing passwords over 2GB on 32-bit systems.
Vulnerability
In curl versions before 7.61.1, the internal function Curl_ntlm_core_mk_nt_hash computes the temporary storage size by multiplying the password length by two (SUM). On systems with a 32-bit size_t, an integer overflow occurs when the password length exceeds 2 GB (2^31 bytes). This causes a very small buffer to be allocated instead of the intended large one, leading to a heap buffer overflow when data is written into that undersized buffer. The bug is almost identical to CVE-2017-8816 [1][2][3][4].
Exploitation
An attacker would need to supply a password longer than 2 GB to the NTLM authentication process. This could be achieved by a remote client authenticating to a server or by a client connecting to a malicious server. The attacker does not need prior authentication; the password length is the sole trigger. The overflow occurs during the NTLM hash computation, which is reachable when the application uses curl with NTLM authentication [1][2][3].
Impact
Successful exploitation results in a heap buffer overflow, which can lead to arbitrary code execution, information disclosure, or a crash. The attacker may achieve code execution in the context of the application using libcurl, potentially compromising the system. The CVSS score is 7.5 (High) for availability and 6.5 for confidentiality/integrity [1][2][3].
Mitigation
The vulnerability is fixed in curl version 7.61.1 [1][2][3]. Red Hat released updated packages (httpd24-curl 7.61.1 for Red Hat Software Collections, and curl updates for RHEL 7) [1][2]. Ubuntu provided updates in USN-3765-2 for Ubuntu 12.04 ESM [4]. There is no known workaround; upgrading curl to the fixed version is recommended. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog as of the last available data.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- osv-coords11 versionspkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/curl&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
< 7.79.1-1.1+ 10 more
- (no CPE)range: < 7.79.1-1.1
- (no CPE)range: < 7.37.0-37.26.1
- (no CPE)range: < 7.60.0-3.9.1
- (no CPE)range: < 7.37.0-70.33.1
- (no CPE)range: < 7.37.0-37.26.1
- (no CPE)range: < 7.37.0-70.33.1
- (no CPE)range: < 7.37.0-37.26.1
- (no CPE)range: < 7.37.0-70.33.1
- (no CPE)range: < 7.37.0-37.26.1
- (no CPE)range: < 7.19.7-1.20.53.16.1
- (no CPE)range: < 7.37.0-70.33.1
Patches
11 file changed · +21 −0
docs/THANKS+21 −0 modified@@ -85,6 +85,7 @@ Anders Bakken Anders Gustafsson Anders Havn Anders Roxell +Anderson Toshiyuki Sasaki Andi Jahja Andre Guibert de Bruet Andre Heinecke @@ -105,6 +106,7 @@ Andrei Cipu Andrei Karas Andrei Kurushin Andrei Sedoi +Andrei Virtosu Andrej E Baranov Andrew Benham Andrew Biggs @@ -132,6 +134,7 @@ Anthony G. Basile Antoine Aubert Antoine Calando Anton Bychkov +Anton Gerasimov Anton Kalmykov Anton Malov Anton Yabchinskiy @@ -235,6 +238,7 @@ Cameron Kaiser Cameron MacMinn Camille Moncelier Caolan McNamara +Carie Pointer Carlo Cannas Carlo Teubner Carlo Wood @@ -275,6 +279,7 @@ Christian Weisgerber Christophe Demory Christophe Legry Christopher Conroy +Christopher Head Christopher Palow Christopher R. Palmer Christopher Stone @@ -334,6 +339,7 @@ Daniel Cater Daniel Egger Daniel Gustafsson Daniel Hwang +Daniel Jeliński Daniel Johnson Daniel Kahn Gillmor Daniel Krügler @@ -624,6 +630,7 @@ Hans-Jurgen May Hardeep Singh Haris Okanovic Harold Stuart +Harry Sintonen Harshal Pradhan Hauke Duden He Qin @@ -656,6 +663,7 @@ Ignacio Vazquez-Abrams Igor Franchuk Igor Novoseltsev Igor Polyakov +Ihor Karpenko Iida Yosiaki Ilguiz Latypov Ilja van Sprundel @@ -777,6 +785,7 @@ Johannes Bauer Johannes Ernst Johannes Schindelin John Bradshaw +John Butterfield John Coffey John Crow John David Anglin @@ -826,6 +835,7 @@ Joonas Kuorilehto Jose Alf Jose Kahan Josef Wolf +Josh Bialkowski Josh Kapell Joshua Kwan Josue Andrade Gomes @@ -891,6 +901,7 @@ Kim Minjoong Kim Rinnewitz Kim Vandry Kimmo Kinnunen +Kirill Marchuk Kjell Ericson Kjetil Jacobsen Klaus Stein @@ -921,6 +932,7 @@ Lars Johannesen Lars Nilsson Lars Torben Wilson Lau Hang Kin +Laurent Bonnans Laurent Rabret Lauri Kasanen Laurie Clark-Michalek @@ -935,6 +947,7 @@ Lenaic Lefever Lenny Rachitsky Leon Winter Leonardo Rosati +Leonardo Taccari Liam Healy Lijo Antony Linas Vepstas @@ -1299,6 +1312,7 @@ Pramod Sharma Prash Dush Praveen Pvs Priyanka Shah +Przemysław Tomaszewski Puneet Pawaia Quagmire Quanah Gibson-Mount @@ -1320,6 +1334,7 @@ Ralf S. Engelschall Ralph Beckmann Ralph Mitchell Ramana Mokkapati +Ran Mozes Randall S. Becker Randy Armstrong Randy McMurchy @@ -1391,6 +1406,7 @@ Robin Johnson Robin Kay Robson Braga Araujo Rod Widdowson +Rodger Combs Rodney Simmons Rodric Glaser Rodrigo Silva @@ -1584,6 +1600,7 @@ Timotej Lazar Timothe Litt Timothy Polich Tinus van den Berg +Tobias Blomberg Tobias Markus Tobias Rundström Tobias Stoeckmann @@ -1706,9 +1723,12 @@ Zachary Seguin Zdenek Pavlas Zekun Ni Zenju on github +Zero King +Zhaoyang Wu Zhouyihai Ding Zmey Petroff Zvi Har'El +adnn on github afrind on github ahodesuka on github anshnd on github @@ -1717,6 +1737,7 @@ asavah on github baumanj on github bsammon on github cbartl on github +clbr on github cmfrolick on github dasimx on github destman on github
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
11- access.redhat.com/errata/RHSA-2018:3558mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:1880mitrevendor-advisoryx_refsource_REDHAT
- security.gentoo.org/glsa/201903-03mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3765-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3765-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2018/dsa-4286mitrevendor-advisoryx_refsource_DEBIAN
- www.securitytracker.com/id/1041605mitrevdb-entryx_refsource_SECTRACK
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- cert-portal.siemens.com/productcert/pdf/ssa-436177.pdfmitrex_refsource_CONFIRM
- curl.haxx.se/docs/CVE-2018-14618.htmlmitrex_refsource_CONFIRM
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.