QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16840

Published: Oct 31, 2018

Modified: Apr 16, 2026

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Vendor	Product	Versions
The Curl Project	curl	affected `from 7.59.0 to 7.61.1`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

vendor-advisory

x_refsource_GENTOO

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840

x_refsource_CONFIRM

https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

https://curl.haxx.se/docs/CVE-2018-16840.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.