Vulnerability CVE-2019-5436: Information

Description

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-5436
Published: May 28, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus8.0.18-alt18.0.36-alt1ALT-PU-2019-3247-1242481Fixed
MySQLsisyphus_riscv648.0.27-alt1.0.rv648.0.30-alt0.2.rv64ALT-PU-2021-4503-1-Fixed
MySQLp108.0.18-alt18.0.36-alt1ALT-PU-2019-3247-1242481Fixed
MySQLp98.0.19-alt28.0.26-alt2ALT-PU-2020-1827-1250162Fixed
MySQLc10f18.0.18-alt18.0.36-alt1ALT-PU-2019-3247-1242481Fixed
MySQLc9f28.0.19-alt28.0.36-alt0.c9.1ALT-PU-2020-1827-1250162Fixed
curlsisyphus7.65.0-alt18.7.1-alt2ALT-PU-2019-1884-1229800Fixed
curlp107.65.0-alt18.7.1-alt2ALT-PU-2019-1884-1229800Fixed
curlp97.65.0-alt17.79.0-alt2ALT-PU-2019-1885-1229801Fixed
curlp87.65.0-alt17.65.0-alt1ALT-PU-2019-1910-1229802Fixed
curlc10f17.65.0-alt18.6.0-alt1ALT-PU-2019-1884-1229800Fixed
curlc9f27.65.0-alt18.6.0-alt1ALT-PU-2019-1885-1229801Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://curl.haxx.se/docs/CVE-2019-5436.html
  • Exploit
  • Patch
  • Vendor Advisory
openSUSE-SU-2019:1492
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:1508
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20190606-0004/
  • Third Party Advisory
https://support.f5.com/csp/article/K55133295
  • Third Party Advisory
[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow
  • Mailing List
  • Patch
  • Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  • Patch
  • Third Party Advisory
20200225 [SECURITY] [DSA 4633-1] curl security update
  • Mailing List
  • Third Party Advisory
DSA-4633
  • Third Party Advisory
GLSA-202003-29
  • Third Party Advisory
N/A
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
    FEDORA-2019-697de0501f
      https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS

          1. Configuration 1

            cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
            Start including
            7.19.4
            End including
            7.64.1

            Configuration 2

            cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
            cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
            cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

            Configuration 3

            cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
            cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

            Configuration 5

            cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
            Start including
            5.0.0
            End including
            5.1.0

            Configuration 6

            cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
            cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
            cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

            Configuration 7

            cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
            cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
            cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
            End including
            5.7.27
            cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
            Start including
            5.7.28
            End including
            8.0.17
            cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.0
        Back to top