{"id":"CVE-2018-16840","details":"A heap use-after-free flaw was found in curl versions 7.59.0 through 7.61.1 in the code that closes an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library first frees a struct without setting the pointer to NULL, and may then erroneously write to a field of that already-freed struct.","aliases":["CURL-CVE-2018-16840"],"modified":"2026-03-20T11:23:54.988085Z","published":"2018-10-31T18:29:00.307Z","related":["SUSE-SU-2018:3608-1","SUSE-SU-2018:3624-1","SUSE-SU-2018:3681-1","SUSE-SU-2019:0339-1","openSUSE-SU-2024:10582-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1042013"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-03"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3805-1/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840"},{"type":"FIX","url":"https://curl.haxx.se/docs/CVE-2018-16840.html"},{"type":"FIX","url":"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"4d6bd91ab33328c6d27eddc32e064defc02dc4fd"},{"fixed":"196677150f711a96c38ed123e621f1d4e995b2e5"},{"fixed":"81d135d67155c5295b1033679c606165d4e28f3f"}],"database_specific":{"versions":[{"introduced":"7.59.0"},{"fixed":"7.62.0"}]}}],"versions":["curl-7_59_0","curl-7_60_0","curl-7_61_0","curl-7_61_1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]}],"vanir_signatures":[{"deprecated":false,"id":"CVE-2018-16840-5a294ae8","target":{"file":"lib/url.c","function":"Curl_close"},"signature_type":"Function","digest":{"length":1388,"function_hash":"253867143457341
161698845574111827314122"},"signature_version":"v1","source":"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"},{"deprecated":false,"id":"CVE-2018-16840-97a670ad","target":{"file":"lib/url.c"},"signature_type":"Line","digest":{"line_hashes":["76450436232552618053190577593466383274","56283251733270634435040735386618773715","225146506795074944162099681821124504277","72162716836877692358628916813877661635","28202728034268574745574819732142521908"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16840.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}