CVE-2018-16840

Published: August 31, 2023Last modified: December 15, 2025

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Severity score breakdown

Parameter	Value
Base score	9.8
Attack Vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	curl	Not affected (8.2.1-r0)
Alpaquita Linux	Stream	curl	Not affected (8.2.1-r0)
Hardened Containers	Stream	curl	Not affected (8.2.1-r0)

References

http://www.securitytracker.com/id/1042013
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840
https://curl.haxx.se/docs/CVE-2018-16840.html
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
https://security.gentoo.org/glsa/201903-03
https://usn.ubuntu.com/3805-1/