vulnerability
SUSE: CVE-2018-16840: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Oct 31, 2018 | Nov 3, 2018 | Oct 22, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Oct 31, 2018
Added
Nov 3, 2018
Modified
Oct 22, 2021
Description
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Solution(s)
suse-upgrade-curlsuse-upgrade-curl-minisuse-upgrade-curl-openssl1suse-upgrade-libcurl-develsuse-upgrade-libcurl-devel-32bitsuse-upgrade-libcurl-mini-develsuse-upgrade-libcurl4suse-upgrade-libcurl4-32bitsuse-upgrade-libcurl4-minisuse-upgrade-libcurl4-openssl1suse-upgrade-libcurl4-openssl1-32bitsuse-upgrade-libcurl4-openssl1-x86suse-upgrade-libcurl4-x86
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.