Vulnerability CVE-2019-5482: Information

Description

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-5482

Published: Sept. 16, 2019

Modified: Nov. 7, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
MySQL	sisyphus	8.0.19-alt1	8.0.37-alt1.1	ALT-PU-2020-1220-1	245056	Fixed
MySQL	sisyphus_riscv64	8.0.27-alt1.0.rv64	8.0.37-alt0.port	ALT-PU-2021-4503-1	-	Fixed
MySQL	p10	8.0.19-alt1	8.0.36-alt1	ALT-PU-2020-1220-1	245056	Fixed
MySQL	p9	8.0.19-alt2	8.0.26-alt2	ALT-PU-2020-1827-1	250162	Fixed
MySQL	c10f1	8.0.19-alt1	8.0.37-alt1	ALT-PU-2020-1220-1	245056	Fixed
MySQL	c9f2	8.0.19-alt2	8.0.36-alt0.c9.1	ALT-PU-2020-1827-1	250162	Fixed
MySQL	p11	8.0.19-alt1	8.0.37-alt1.1	ALT-PU-2020-1220-1	245056	Fixed
curl	sisyphus	7.66.0-alt1	8.7.1-alt2	ALT-PU-2019-2679-1	237384	Fixed
curl	p10	7.66.0-alt1	8.7.1-alt2	ALT-PU-2019-2679-1	237384	Fixed
curl	p9	7.71.0-alt1	7.79.0-alt2	ALT-PU-2020-2447-1	253931	Fixed
curl	c10f1	7.66.0-alt1	8.6.0-alt1	ALT-PU-2019-2679-1	237384	Fixed
curl	c9f2	7.71.0-alt1	8.6.0-alt1	ALT-PU-2020-2447-1	253931	Fixed
curl	p11	7.66.0-alt1	8.7.1-alt2	ALT-PU-2019-2679-1	237384	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://curl.haxx.se/docs/CVE-2019-5482.html	Vendor Advisory
openSUSE-SU-2019:2149	Mailing List Third Party Advisory
openSUSE-SU-2019:2169	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0003/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Third Party Advisory
20200225 [SECURITY] [DSA 4633-1] curl security update	Mailing List Third Party Advisory
DSA-4633	Third Party Advisory
GLSA-202003-29	Third Party Advisory
N/A	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200416-0003/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
FEDORA-2019-9e6357d82f
FEDORA-2019-6d7f6fa2c8
FEDORA-2019-f2a520135e

Affected configurations:
1. Configuration 1
  cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
  Start including
  7.19.4
  End including
  7.65.3
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
  Start including
  7.3
  cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
  Start including
  9.5
  
  Configuration 5
  cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  Start including
  8.0.0
  End including
  8.0.18
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  Start including
  5.0.0
  End including
  5.7.28
  
  Configuration 6
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2019-5482: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6