{"id":"CURL-CVE-2017-8816","summary":"NTLM buffer overflow via integer overflow","details":"libcurl contains a buffer overrun flaw in the NTLM authentication code.\n\nThe internal function `Curl_ntlm_core_mk_ntlmv2_hash` sums up the lengths of\nthe username + password (= SUM) and multiplies the sum by two (= SIZE) to\nfigure out how large storage to allocate from the heap.\n\nThe SUM value is subsequently used to iterate over the input and generate\noutput into the storage buffer. On systems with a 32-bit `size_t`, the math to\ncalculate SIZE triggers an integer overflow when the combined lengths of the\nusername and password is larger than 2GB (2^31 bytes). This integer overflow\nusually causes a tiny buffer to actually get allocated instead of the intended\nhuge one, making the use of that buffer end up in a buffer overrun.","aliases":["CVE-2017-8816"],"modified":"2026-05-29T05:40:52.270741Z","published":"2017-11-29T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2017-8816.json","www":"https://curl.se/docs/CVE-2017-8816.html","last_affected":"7.56.1","severity":"Medium","package":"curl","affects":"both","CWE":{"desc":"Incorrect Calculation of Buffer Size","id":"CWE-131"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.36.0"},{"fixed":"7.57.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"86724581b6c02d160b52f817550cfdfc9c93af62"},{"fixed":"7f2a1df6f5fc598750b2c6f34465c8d924db28cc"}]}],"versions":["7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","curl-7_56_1","curl-7_56_0","curl-7_55_1","curl-7_55_0","curl-7_54_1","curl-7_54_0","curl-7_53_1","curl-7_53_0","curl-7_52_1","curl-7_52_0","curl-7_51_0","curl-7_50_3","curl-7_50_2","curl-7_50_1","curl-7_50_0","curl-7_49_1","curl-7_49_0","curl-7_48_0","curl-7_47_1","curl-7_47_0","curl-7_46_0","curl-7_45_0","curl-7_44_0","curl-7_43_0","curl-7_42_1","curl-7_42_0","curl-7_41_0","curl-7_40_0","curl-7_39_0","curl-7_38_0","curl-7_37_1","curl-7_37_0","curl-7_36_0"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","source":"https://github.com/curl/curl.git/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc","target":{"file":"lib/curl_ntlm_core.c"},"id":"CURL-CVE-2017-8816-1c95057a","digest":{"threshold":0.9,"line_hashes":["143307946170380394322496725193537866435","8611769998002858735245279477916014849","181037343260235494689687892884785204211","7022758903306816365276250846503787395","139373938993082156567472481065001440990","228025209488953948009283304126943692797","197752229475960764220277212291524517432","325462468753846887109300433415764792342","329445625880153167605977306647777408676"]},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/curl/curl.git/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc","target":{"function":"Curl_ntlm_core_mk_ntlmv2_hash","file":"lib/curl_ntlm_core.c"},"id":"CURL-CVE-2017-8816-bca56262","digest":{"length":469,"function_hash":"55252544315279078705907572270486622253"},"deprecated":false,"signature_version":"v1"}],"source":"https://curl.se/docs/CURL-CVE-2017-8816.json","vanir_signatures_modified":"2026-05-29T05:40:52Z"}}],"schema_version":"1.7.5","credits":[{"name":"Alex Nichols","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}