Debian Bug report logs -
#929352
curl: CVE-2019-5435: Integer overflows in curl_url_set
Package:
src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 22 May 2019 07:45:02 UTC
Severity: important
Tags: security, upstream
Found in ...
Debian Bug report logs -
#929351
curl: CVE-2019-5436: TFTP receive buffer overflow
Package:
src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 22 May 2019 07:42:01 UTC
Severity: important
Tags: security, upstream
Found in versi ...
curl could be made to crash if it received a specially crafted data ...
Several security issues were fixed in curl ...
Multiple vulnerabilities were discovered in cURL, an URL transfer
library
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code was discovered,
which could allow DoS or arbitrary code execution. This only affects
the oldstable distribution (stretch).
CVE-2019-5481
Thomas Vegas discovered a double-free in the FTP-KRB code ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Low: curl security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis
Low: curl security update
Type/Severity
Security Advisory: Low
Topic
An update for curl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: Container-native Virtualization security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis
Moderate: OpenShift Container Platform 4.6.1 image security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
An integer overflow in curl's URL API results in a buffer overflow in libcurl (CVE-2019-5435)
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl (CVE-2019-5436) ...
libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. The flaw e ...