Уязвимость CVE-2019-3822: Информация

Описание

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-3822

Опубликовано: 6 февраля 2019 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-787

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
MySQL	sisyphus	8.0.16-alt1	8.0.37-alt1.1	ALT-PU-2019-2111-1	232051	Исправлено
MySQL	sisyphus_riscv64	8.0.27-alt1.0.rv64	8.0.30-alt0.2.rv64	ALT-PU-2021-4503-1	-	Исправлено
MySQL	p10	8.0.16-alt1	8.0.36-alt1	ALT-PU-2019-2111-1	232051	Исправлено
MySQL	p9	8.0.16-alt1	8.0.26-alt2	ALT-PU-2019-2216-1	234071	Исправлено
MySQL	c10f1	8.0.16-alt1	8.0.37-alt1	ALT-PU-2019-2111-1	232051	Исправлено
MySQL	c9f2	8.0.16-alt1	8.0.36-alt0.c9.1	ALT-PU-2019-2216-1	234071	Исправлено
MySQL	p11	8.0.16-alt1	8.0.37-alt1.1	ALT-PU-2019-2111-1	232051	Исправлено
curl	sisyphus	7.64.0-alt1	8.7.1-alt2	ALT-PU-2019-1185-1	220787	Исправлено
curl	p10	7.64.0-alt1	8.7.1-alt2	ALT-PU-2019-1185-1	220787	Исправлено
curl	p9	7.64.0-alt1	7.79.0-alt2	ALT-PU-2019-1185-1	220787	Исправлено
curl	p8	7.64.0-alt1	7.65.0-alt1	ALT-PU-2019-1196-1	220788	Исправлено
curl	c10f1	7.64.0-alt1	8.6.0-alt1	ALT-PU-2019-1185-1	220787	Исправлено
curl	c9f2	7.64.0-alt1	8.6.0-alt1	ALT-PU-2019-1185-1	220787	Исправлено
curl	p11	7.64.0-alt1	8.7.1-alt2	ALT-PU-2019-1185-1	220787	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://curl.haxx.se/docs/CVE-2019-3822.html	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822	Exploit Issue Tracking Patch Third Party Advisory
DSA-4386	Third Party Advisory
USN-3882-1	Third Party Advisory
106950	Third Party Advisory VDB Entry
GLSA-201903-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190315-0001/	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0004/	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
https://support.f5.com/csp/article/K84141449	Third Party Advisory
RHSA-2019:3701	Third Party Advisory
[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.
https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
  Start including
  7.36.0
  End excliding
  7.64.0
  
  Конфигурация 2
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Конфигурация 4
  cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
  Start including
  7.3
  cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
  Start including
  9.5
  cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
  
  Конфигурация 5
  cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
  End including
  2.0
  
  Конфигурация 6
  cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  End including
  5.7.26
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  Start including
  5.7.27
  End including
  8.0.15
  
  Конфигурация 7
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Версия: v24.5.3

Наверх

Уязвимость CVE-2019-3822: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7