Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/curl@7.61.1-r0?arch=armhf&distroversion=v3.23&reponame=main
Type apk
Namespace alpine
Name curl
Version 7.61.1-r0
Qualifiers
arch armhf
distroversion v3.23
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 7.62.0-r0
Latest_non_vulnerable_version 8.19.0-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1kpz-55f1-f7dj
vulnerability_id VCID-1kpz-55f1-f7dj
summary curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14618
reference_id
reference_type
scores
0
value 0.00493
scoring_system epss
scoring_elements 0.661
published_at 2026-06-05T12:55:00Z
1
value 0.00493
scoring_system epss
scoring_elements 0.66048
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14618
2
reference_url https://curl.se/docs/CVE-2018-14618.html
reference_id
reference_type
scores
0
value High
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2018-14618.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url http://www.securitytracker.com/id/1041605
reference_id 1041605
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url http://www.securitytracker.com/id/1041605
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1622707
reference_id 1622707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1622707
7
reference_url https://usn.ubuntu.com/3765-1/
reference_id 3765-1
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://usn.ubuntu.com/3765-1/
8
reference_url https://usn.ubuntu.com/3765-2/
reference_id 3765-2
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://usn.ubuntu.com/3765-2/
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327
reference_id 908327
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327
10
reference_url https://curl.haxx.se/docs/CVE-2018-14618.html
reference_id CVE-2018-14618.html
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://curl.haxx.se/docs/CVE-2018-14618.html
11
reference_url https://www.debian.org/security/2018/dsa-4286
reference_id dsa-4286
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://www.debian.org/security/2018/dsa-4286
12
reference_url https://security.gentoo.org/glsa/201903-03
reference_id GLSA-201903-03
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://security.gentoo.org/glsa/201903-03
13
reference_url https://access.redhat.com/errata/RHSA-2019:1880
reference_id RHSA-2019:1880
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://access.redhat.com/errata/RHSA-2019:1880
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618
reference_id show_bug.cgi?id=CVE-2018-14618
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618
15
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014
reference_id SNWLID-2018-0014
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014
16
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
reference_id ssa-436177.pdf
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
fixed_packages
0
url pkg:apk/alpine/curl@7.61.1-r0?arch=armhf&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/curl@7.61.1-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.61.1-r0%3Farch=armhf&distroversion=v3.23&reponame=main
aliases CVE-2018-14618
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kpz-55f1-f7dj
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.61.1-r0%3Farch=armhf&distroversion=v3.23&reponame=main