CVE-2019-5436

UNKNOWN

Published 2019-05-28T18:47:32

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-5436. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

curl

Affected Versions:

Fixed in 7.65.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8xvc-p9x4-w7jm

Advisory Details

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-5436

WEB https://curl.haxx.se/docs/CVE-2019-5436.html

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2

WEB https://seclists.org/bugtraq/2020/Feb/36

WEB https://security.gentoo.org/glsa/202003-29

WEB https://security.netapp.com/advisory/ntap-20190606-0004

WEB https://support.f5.com/csp/article/K55133295

WEB https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS

WEB https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS

WEB https://www.debian.org/security/2020/dsa-4633

WEB https://www.oracle.com/security-alerts/cpuapr2020.html

WEB https://www.oracle.com/security-alerts/cpuoct2020.html

WEB https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

WEB http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html

WEB http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html

WEB http://www.openwall.com/lists/oss-security/2019/09/11/6

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: April 4, 2024

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/

http://www.openwall.com/lists/oss-security/2019/09/11/6

https://www.debian.org/security/2020/dsa-4633

https://seclists.org/bugtraq/2020/Feb/36

https://security.gentoo.org/glsa/202003-29

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://security.netapp.com/advisory/ntap-20190606-0004/

https://curl.haxx.se/docs/CVE-2019-5436.html

https://support.f5.com/csp/article/K55133295

https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS

HackerOne Reports

CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize Medium

thomas_v

curl

Heap Overflow

View Report

Published: 2019-05-28T18:47:32

Last Modified: 2024-08-04T19:54:53.472Z

Copied to clipboard!

CVE-2019-5436

Expert Analysis

Description

Available Exploits

Related News

Affected Products

curl

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

HackerOne Reports

Request Analysis

What to expect

Request Received!