CVE-2018-16890

HIGH

libcurl <7.64.0 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16890. PoCs published by michelleamesquita.

AI-analyzed exploit summary This PoC demonstrates CVE-2018-16890, an out-of-bounds read flaw in curl's handling of NTLMv2 type-2 headers. It sets up a malicious server that sends crafted NTLM authentication headers to trigger a crash in vulnerable curl clients.

Description

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Exploits (1)

nomisec WORKING POC
by michelleamesquita · poc
https://github.com/michelleamesquita/CVE-2018-16890

This PoC demonstrates CVE-2018-16890, an out-of-bounds read flaw in curl's handling of NTLMv2 type-2 headers. It sets up a malicious server that sends crafted NTLM authentication headers to trigger a crash in vulnerable curl clients.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: curl (versions affected by CVE-2018-16890)
No auth needed
Prerequisites: Vulnerable curl client · Network access to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4386
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106947
Patch, Vendor Advisory x_refsource_misc
https://curl.haxx.se/docs/CVE-2018-16890.html
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190315-0001/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3882-1/
Issue Tracking, Mitigation, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3701

Scores

CVSS v3 7.5
EPSS 0.0535
EPSS Percentile 91.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-190
Status published
Products (15)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/debian_linux 9.0
f5/big-ip_access_policy_manager 13.1.0 - 13.1.3
haxx/libcurl 7.36.0 - 7.64.0
netapp/clustered_data_ontap
oracle/communications_operations_monitor 3.4
oracle/communications_operations_monitor 4.0
... and 5 more
Published Feb 06, 2019
Tracked Since Feb 18, 2026