Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2019-3822

Published: 06/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Libcurl

Vulnerability Summary

libcurl versions from 7.36.0 to prior to 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx libcurl

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 9.0

netapp snapcenter -

netapp oncommand workflow automation -

netapp oncommand insight -

netapp active iq unified manager

netapp clustered data ontap

siemens sinema remote connect client

oracle http server 12.2.1.3.0

oracle enterprise manager ops center 12.3.3

oracle secure global desktop 5.4

oracle communications operations monitor 3.4

oracle communications operations monitor 4.0

oracle enterprise manager ops center 12.4.0

oracle services tools bundle 19.2

oracle mysql server

redhat enterprise linux 8.0

Vendor Advisories

Ubuntu Security Notice: curl vulnerabilities
Several security issues were fixed in curl ...
Red Hat: Moderate: curl security and bug fix update
Synopsis Moderate: curl security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for curl is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Amazon Linux AMI: ALAS-2019-1297
A stack-based buffer overflow vulnerability in the 'Server: Packaging (cURL)' subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server (CVE-2019-3822) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML) Supported versions that are affected are 5644 ...
Amazon Linux 2: ALAS2-2019-1162
libcurl is vulnerable to a heap buffer out-of-bounds read The function handling incoming NTLM type-2 messages (`lib/vauth/ntlmc:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...
Red Hat: CVE-2019-3822
Impact: Moderate Public Date: 2019-02-06 CWE: CWE-121 Bugzilla: 1670254: CVE-2019-3822 curl: NTLMv2 typ ...
Arch Linux Issues:
libcurl versions from 7360 to before 7640 are vulnerable to a stack-based buffer overflow The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlmc:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data The check that exists to prevent the local buffer from getting o ...

Github Repositories

https://github.com/bbrungi/dc19_supply_chain

Building a Secure, Automated Supply Chain - Dockercon 2019 Who am i Github : githubcom/clemenko Twitter : @clemenko Email : clemenko@dockercom In this lab you will integrate Docker Enterprise in to your development pipeline You will push an image to the Docker Trusted Registry (DTR) DTR will scan your image for vulnerabilities so they can be fixed before your app

https://github.com/clemenko/fedsummit_19

Fed Summit Workshop for Building a Secure Supply Chain

Building a Secure, Automated Supply Chain - Mid Atlantic Summit 2019 In this lab you will integrate Docker Enterprise in to your development pipeline You will push an image to the Docker Trusted Registry (DTR) DTR will scan your image for vulnerabilities so they can be fixed before your application is deployed This helps you build more secure apps! Difficulty: Beginner Time

https://github.com/clemenko/dc19_supply_chain

Building a Secure, Automated Supply Chain - Dockercon 2019 Who am i Github : githubcom/clemenko Twitter : @clemenko Email : clemenko@gmailcom In this lab you will integrate Docker Enterprise in to your development pipeline You will push an image to the Docker Trusted Registry (DTR) DTR will scan your image for vulnerabilities so they can be fixed before your appl

References

CWE-787https://curl.haxx.se/docs/CVE-2019-3822.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822https://www.debian.org/security/2019/dsa-4386https://usn.ubuntu.com/3882-1/http://www.securityfocus.com/bid/106950https://security.gentoo.org/glsa/201903-03https://security.netapp.com/advisory/ntap-20190315-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdfhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://security.netapp.com/advisory/ntap-20190719-0004/https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://support.f5.com/csp/article/K84141449https://access.redhat.com/errata/RHSA-2019:3701https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3Ehttps://support.f5.com/csp/article/K84141449?utm_source=f5support&%3Butm_medium=RSShttps://usn.ubuntu.com/3882-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook