CVE-2019-5435

Published: 28/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libcurl prior to 7.65.0 contains two integer overflows in the curl_url_set() function that, if triggered, can lead to a too-small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32-bit architectures and require excessive string input lengths.

Vulnerable Product

haxx curl

Vendor Advisories

Several security issues were fixed in curl ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat En ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security ...
Debian Bug report logs - #929352 curl: CVE-2019-5435: Integer overflows in curl_url_set. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 May 2019 07:45:02 UTC; Severity: important; Tags: security, upstream; Found in ...
Debian Bug report logs - #929351 curl: CVE-2019-5436: TFTP receive buffer overflow. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 22 May 2019 07:42:01 UTC; Severity: important; Tags: security, upstream; Found in versi ...
An integer overflow in curl's URL API results in a buffer overflow in libcurl (CVE-2019-5435). A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl (CVE-2019-5436) ...
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl (CVE-2019-5436). An integer overflow in curl's URL API results in a buffer overflow in libcurl (CVE-2019-5435) ...
libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that, if triggered, can lead to a too-small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32-bit architectures and require excessive string input lengths ...

Mailing Lists

oss-sec mailing list archives: [SECURITY ADVISORY] curl: Integer overflows in curl_url_set. From: Danie ...