Details of VAR-201809-0686

ID

VAR-201809-0686

CVE

CVE-2018-14618

TITLE

curl Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013634

DESCRIPTION

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.). curl Contains an integer overflow vulnerability. This vulnerability CVE-2017-8816 It is a similar problem.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. cURL/libcURL version 7.15.4 through 7.61.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Background ========== A command line tool and library for transferring data with URLs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.64.0 >= 7.64.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact ====== Remote attackers could cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0" References ========== [ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3765-2 September 17, 2018 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: curl could be made to run arbitrary code if it received a specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl incorrectly handled certain inputs. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.23 libcurl3 7.22.0-3ubuntu4.23 libcurl3-gnutls 7.22.0-3ubuntu4.23 libcurl3-nss 7.22.0-3ubuntu4.23 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2019:1880-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1880 Issue date: 2019-07-29 CVE Names: CVE-2018-14618 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: NTLM password overflow via integer overflow (CVE-2018-14618) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * baseurl with file:// hangs and then timeout in yum repo (BZ#1709474) * curl crashes on http links with rate-limit (BZ#1711914) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: curl-7.29.0-51.el7_6.3.src.rpm x86_64: curl-7.29.0-51.el7_6.3.x86_64.rpm curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-7.29.0-51.el7_6.3.i686.rpm libcurl-7.29.0-51.el7_6.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-devel-7.29.0-51.el7_6.3.i686.rpm libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: curl-7.29.0-51.el7_6.3.src.rpm x86_64: curl-7.29.0-51.el7_6.3.x86_64.rpm curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-7.29.0-51.el7_6.3.i686.rpm libcurl-7.29.0-51.el7_6.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-devel-7.29.0-51.el7_6.3.i686.rpm libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: curl-7.29.0-51.el7_6.3.src.rpm ppc64: curl-7.29.0-51.el7_6.3.ppc64.rpm curl-debuginfo-7.29.0-51.el7_6.3.ppc.rpm curl-debuginfo-7.29.0-51.el7_6.3.ppc64.rpm libcurl-7.29.0-51.el7_6.3.ppc.rpm libcurl-7.29.0-51.el7_6.3.ppc64.rpm libcurl-devel-7.29.0-51.el7_6.3.ppc.rpm libcurl-devel-7.29.0-51.el7_6.3.ppc64.rpm ppc64le: curl-7.29.0-51.el7_6.3.ppc64le.rpm curl-debuginfo-7.29.0-51.el7_6.3.ppc64le.rpm libcurl-7.29.0-51.el7_6.3.ppc64le.rpm libcurl-devel-7.29.0-51.el7_6.3.ppc64le.rpm s390x: curl-7.29.0-51.el7_6.3.s390x.rpm curl-debuginfo-7.29.0-51.el7_6.3.s390.rpm curl-debuginfo-7.29.0-51.el7_6.3.s390x.rpm libcurl-7.29.0-51.el7_6.3.s390.rpm libcurl-7.29.0-51.el7_6.3.s390x.rpm libcurl-devel-7.29.0-51.el7_6.3.s390.rpm libcurl-devel-7.29.0-51.el7_6.3.s390x.rpm x86_64: curl-7.29.0-51.el7_6.3.x86_64.rpm curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-7.29.0-51.el7_6.3.i686.rpm libcurl-7.29.0-51.el7_6.3.x86_64.rpm libcurl-devel-7.29.0-51.el7_6.3.i686.rpm libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: curl-7.29.0-51.el7_6.3.src.rpm aarch64: curl-7.29.0-51.el7_6.3.aarch64.rpm curl-debuginfo-7.29.0-51.el7_6.3.aarch64.rpm libcurl-7.29.0-51.el7_6.3.aarch64.rpm libcurl-devel-7.29.0-51.el7_6.3.aarch64.rpm ppc64le: curl-7.29.0-51.el7_6.3.ppc64le.rpm curl-debuginfo-7.29.0-51.el7_6.3.ppc64le.rpm libcurl-7.29.0-51.el7_6.3.ppc64le.rpm libcurl-devel-7.29.0-51.el7_6.3.ppc64le.rpm s390x: curl-7.29.0-51.el7_6.3.s390x.rpm curl-debuginfo-7.29.0-51.el7_6.3.s390.rpm curl-debuginfo-7.29.0-51.el7_6.3.s390x.rpm libcurl-7.29.0-51.el7_6.3.s390.rpm libcurl-7.29.0-51.el7_6.3.s390x.rpm libcurl-devel-7.29.0-51.el7_6.3.s390.rpm libcurl-devel-7.29.0-51.el7_6.3.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: curl-7.29.0-51.el7_6.3.src.rpm x86_64: curl-7.29.0-51.el7_6.3.x86_64.rpm curl-debuginfo-7.29.0-51.el7_6.3.i686.rpm curl-debuginfo-7.29.0-51.el7_6.3.x86_64.rpm libcurl-7.29.0-51.el7_6.3.i686.rpm libcurl-7.29.0-51.el7_6.3.x86_64.rpm libcurl-devel-7.29.0-51.el7_6.3.i686.rpm libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-14618 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXT8OSdzjgjWX9erEAQgkpw/9H1BB0gT4Hr2JCJQqmWyEwqKcGJbvn6Kk KXSTXDzMthovBInO4kEjcnKyxZHNrvtQ+HoDr0e2SZNTEPehh35w7tJtiwzfYzc2 wk4K7cZiaRbYzCAnkH5SanFVPIJ7PbIgZZ7eoOtSHojvrysUvqFyXY04rIzw0CIS MMFyg2Z5RCknnXDLtGHyRRcv6Ltxmp9uoQFW+IA5Zpn/Ppq8zFmuOTLjPe762Loc 4FzYIImeJ8F/CByxg9sKnyoWxgBiA3F9GYxXjur1S3NnmWwqIoeybuyVLr05FiIO AfQ4lStJtiJZFWjgVVjJYeM9PS7Xc+q7A0prAxKQwXXedHAqA3uAUemwlGvNhqZg WsTJ0EZDqYi0qU00L2sc4AW65FwDko0TV3Vyzd4kmmtOa3e8F19F119CQwtwodiA lNX+V4JFoTo3+kMSO51TWK9Mu2bldEVKcLqqjohv83TQcAeFPPVcRePuv/O6FSdo RUxhxpsf53r0welpd1mPvwvIEz/7m8m5OAmNiRziXm1s/2vhXzUjfbyEeOq0dmOY dc7mHZ5snB3/QtmzWf/90DMe/wpI8IIU0u+9aP6oOTS0f3Blcvm1Z85mOrCQirEA PTW4SMfBwQ0DUrt3zBaHiegThJMv2f2ivMnNGJW+P0rW24JRp0hMjbw1e1sFLptu Xwo4DZx4tiI=2qw9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . See https://curl.haxx.se/docs/CVE-2018-14618.html for more information. For the stable distribution (stretch), this problem has been fixed in version 7.52.1-5+deb9u7. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAluQNvMACgkQbwzL4CFi RygTog//QTj+fBPm49RW3szmgcyGwkh/kccOPSlTeuafg7mAX9pJRIqIE3AE1dNN UJMYe09qYpN/mR2kewpeu8LOYBoJnjhBcrCtXv1Tz2RgLTbROqfAiOPGLkSSFM8O Loor2LDpbcLIMPqYiYHmcEsTE+BJVmZ0rsyG77GaMoDP0juFfj1LM17JnQLSITVB yggSYdfNkmJI91g08KdVEHkvxxHw1qR98zF8Ft0Z+vg6is11As1LF8O0UH9XYQym 7PWhRdO3hwYcsFqc+c/HEdM9cPxKMFHX1KCfGcW4VElmL2GSyBTWUvkoH9s2NvZF IiRR5xJz8Z8Exdj/mWHGCn10ZT2QWvYljZpqCdXw4c5mxTnmCBIGJswq8Ds23iG+ xsI8l4RJfpIpku7gERgJX0jKmFWh4rmIdRwK50C39MCC1NgKDbH8NglKF6LzNBnz QK7jDg/cKjZ0N2nMKXQUWPrzyE6WrbdwJy5V1yAPT7wGBlvC3NPOBxBkARxlEAv9 Qw0eZiPBSUNc+FGBEsTEH2PWcGwBN7FXHgzJ2JpUpIRB6pxYnI16gwJEgz2VLKLb xJ//HtoJsm0wAiDtq9AvEkQANVDHb/p9+BYrJw+NMRTuUaJKVBKeuowFEm4aAJP5 Z84D9LjdILwEXoBkxgMwrzNuyuaryFq10XaazC/uUitn5guRtrY=mPG5 -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded. For more information, see: https://curl.haxx.se/docs/CVE-2018-14618.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: d6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz Slackware 14.1 package: fff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: fe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz Slackware 14.2 package: e130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz Slackware -current package: 7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz Slackware x86_64 -current package: b96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.61.1-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 2.52

sources: NVD: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // BID: 107835 // VULMON: CVE-2018-14618 // PACKETSTORM: 152034 // PACKETSTORM: 149396 // PACKETSTORM: 149395 // PACKETSTORM: 153792 // PACKETSTORM: 149247 // PACKETSTORM: 149249

AFFECTED PRODUCTS

vendor:	haxx	model:	libcurl	scope:	lt	version:	7.61.1	Trust: 1.8
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.6	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	18.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux esm	scope:	eq	version:	12.04	Trust: 0.3
vendor:	siemens	model:	sinema remote connect client	scope:	eq	version:	1.0	Trust: 0.3
vendor:	redhat	model:	software collections for rhel workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	software collections for rhel workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	170	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.5	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.4	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	16	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.61	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.60	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.59	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.58	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.57	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.56.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.56	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.55.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.54.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.54	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.53.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.53	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.52	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.51	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.47	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.46	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.43	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.42.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.36	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.34	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.33	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.32	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.31	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.30	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.25	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.23	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.22	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.20	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.6	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.17	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.15.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.55.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.52.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.49.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.48.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.42.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.41.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.40.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.39	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.38.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.37.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.37.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.35.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.29.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.28.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.28.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.27.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.26.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.24.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.23.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.7	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.6	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.20.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.7	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.17.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.15.4	Trust: 0.3
vendor:	siemens	model:	sinema remote connect client hf1	scope:	ne	version:	2.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	ne	version:	7.61.1	Trust: 0.3

sources: BID: 107835 // JVNDB: JVNDB-2018-013634 // NVD: CVE-2018-14618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14618
value:	CRITICAL
Trust: 1.0
secalert@redhat.com:	CVE-2018-14618
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14618
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201809-215
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2018-14618
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14618
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2018-14618
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
secalert@redhat.com:	CVE-2018-14618
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULMON: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // CNNVD: CNNVD-201809-215 // NVD: CVE-2018-14618 // NVD: CVE-2018-14618

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.8
problemtype:	CWE-122	Trust: 1.0
problemtype:	CWE-131	Trust: 1.0

sources: JVNDB: JVNDB-2018-013634 // NVD: CVE-2018-14618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013634

PATCH

title:	DSA-4286	url:	https://www.debian.org/security/2018/dsa-4286	Trust: 0.8
title:	Bug 1622707	url:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618	Trust: 0.8
title:	RHSA-2018:3558	url:	https://access.redhat.com/errata/RHSA-2018:3558	Trust: 0.8
title:	NTLM password overflow via integer overflow	url:	https://curl.haxx.se/docs/CVE-2018-14618.html	Trust: 0.8
title:	USN-3765-1	url:	https://usn.ubuntu.com/3765-1/	Trust: 0.8
title:	USN-3765-2	url:	https://usn.ubuntu.com/3765-2/	Trust: 0.8
title:	Haxx curl Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84547	Trust: 0.6
title:	Red Hat: Low: curl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191880 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: curl vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3765-1	Trust: 0.1
title:	Ubuntu Security Notice: curl vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3765-2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1112	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1112	Trust: 0.1
title:	Red Hat: CVE-2018-14618	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-14618	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a1829bb84184b37e71ea49829931b07f	Trust: 0.1
title:	Debian CVElist Bug Report Logs: curl: CVE-2018-14618: NTLM password overflow via integer overflow	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=bcc124abe94afd85dbaa24ccf7746c39	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7531c7915b1d94fd00f2e04e9f32c65b	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1135	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1135	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage – GlusterFS and Minio	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7fea8e095b9e5b4078d6992b0167a6bc	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=07514a487c5c08ab5176c6cdf0fd6ac5	Trust: 0.1
title:	IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=443b53fd5630b4348dc744a4e12c5e7e	Trust: 0.1
title:	Red Hat: Moderate: httpd24 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183558 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8a056bd2177d12192b11798b7ac3e013	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	enforcer	url:	https://github.com/ibrokethecloud/enforcer	Trust: 0.1
title:	TrivyWeb	url:	https://github.com/KorayAgaya/TrivyWeb	Trust: 0.1
title:	github_aquasecurity_trivy	url:	https://github.com/back8/github_aquasecurity_trivy	Trust: 0.1
title:	Vulnerability-Scanner-for-Containers	url:	https://github.com/t31m0/Vulnerability-Scanner-for-Containers	Trust: 0.1
title:	security	url:	https://github.com/umahari/security	Trust: 0.1
title:	trivy	url:	https://github.com/siddharthraopotukuchi/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/simiyo/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/aquasecurity/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/knqyf263/trivy	Trust: 0.1

sources: VULMON: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // CNNVD: CNNVD-201809-215

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14618	Trust: 3.4
db:	SIEMENS	id:	SSA-436177	Trust: 2.0
db:	ICS CERT	id:	ICSA-19-099-04	Trust: 1.8
db:	SECTRACK	id:	1041605	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013634	Trust: 0.8
db:	PACKETSTORM	id:	152034	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0783	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0795	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0473	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-215	Trust: 0.6
db:	BID	id:	107835	Trust: 0.3
db:	VULMON	id:	CVE-2018-14618	Trust: 0.1
db:	PACKETSTORM	id:	149396	Trust: 0.1
db:	PACKETSTORM	id:	149395	Trust: 0.1
db:	PACKETSTORM	id:	153792	Trust: 0.1
db:	PACKETSTORM	id:	149247	Trust: 0.1
db:	PACKETSTORM	id:	149249	Trust: 0.1

sources: VULMON: CVE-2018-14618 // BID: 107835 // PACKETSTORM: 152034 // PACKETSTORM: 149396 // PACKETSTORM: 149395 // PACKETSTORM: 153792 // PACKETSTORM: 149247 // PACKETSTORM: 149249 // JVNDB: JVNDB-2018-013634 // CNNVD: CNNVD-201809-215 // NVD: CVE-2018-14618

REFERENCES

url:	https://curl.haxx.se/docs/cve-2018-14618.html	Trust: 2.2
url:	https://usn.ubuntu.com/3765-1/	Trust: 2.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-14618	Trust: 2.0
url:	https://www.debian.org/security/2018/dsa-4286	Trust: 2.0
url:	https://usn.ubuntu.com/3765-2/	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2018:3558	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf	Trust: 2.0
url:	https://security.gentoo.org/glsa/201903-03	Trust: 1.8
url:	http://www.securitytracker.com/id/1041605	Trust: 1.7
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0014	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14618	Trust: 1.4
url:	https://access.redhat.com/errata/rhsa-2019:1880	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14618	Trust: 0.9
url:	https://www.us-cert.gov/ics/advisories/icsa-19-099-04	Trust: 0.8
url:	http://www.ibm.com/support/docview.wss	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76910	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76998	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870676	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affects-ibm-cloud-pak-system-cve-2018-14618/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870936	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10791573	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1173136	Trust: 0.6
url:	https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10791553	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143490	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75618	Trust: 0.6
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-099-04	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-14618	Trust: 0.4
url:	https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch	Trust: 0.3
url:	http://curl.haxx.se/	Trust: 0.3
url:	https://github.com/falconindy/curl/commit/e6c2dea7ddd2ed63a78576b176fdbd0b3f132e31	Trust: 0.3
url:	https://usn.ubuntu.com/usn/usn-3765-1	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=58865	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3822	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16840	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3823	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16839	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3765-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.17	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/curl	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

SOURCES

db:	VULMON	id:	CVE-2018-14618
db:	BID	id:	107835
db:	PACKETSTORM	id:	152034
db:	PACKETSTORM	id:	149396
db:	PACKETSTORM	id:	149395
db:	PACKETSTORM	id:	153792
db:	PACKETSTORM	id:	149247
db:	PACKETSTORM	id:	149249
db:	JVNDB	id:	JVNDB-2018-013634
db:	CNNVD	id:	CNNVD-201809-215
db:	NVD	id:	CVE-2018-14618

LAST UPDATE DATE

2025-08-12T21:35:43.280000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-14618	date:	2019-04-22T00:00:00
db:	BID	id:	107835	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-013634	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201809-215	date:	2021-03-10T00:00:00
db:	NVD	id:	CVE-2018-14618	date:	2024-11-21T03:49:26.003

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-14618	date:	2018-09-05T00:00:00
db:	BID	id:	107835	date:	2018-09-05T00:00:00
db:	PACKETSTORM	id:	152034	date:	2019-03-11T18:48:31
db:	PACKETSTORM	id:	149396	date:	2018-09-17T23:44:00
db:	PACKETSTORM	id:	149395	date:	2018-09-17T23:23:00
db:	PACKETSTORM	id:	153792	date:	2019-07-29T18:57:40
db:	PACKETSTORM	id:	149247	date:	2018-09-06T14:14:48
db:	PACKETSTORM	id:	149249	date:	2018-09-06T14:15:01
db:	JVNDB	id:	JVNDB-2018-013634	date:	2019-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201809-215	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-14618	date:	2018-09-05T19:29:00.420