
CVE-2019-5443

Published: 02/07/2019 Updated: 03/11/2021
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an OpenSSL "engine") on invocation. If that curl is invoked by a privileged user, the injected code runs with that user's privileges and can do anything it wants.


Vulnerable Products

haxx curl
oracle http server 12.2.1.3.0
oracle http server 12.2.1.4.0
oracle enterprise manager ops center 12.3.3
oracle enterprise manager ops center 12.4.0
oracle oss support tools 20.0
oracle mysql server
netapp snapcenter
netapp oncommand unified manager
netapp oncommand workflow automation
netapp oncommand insight

Vendor Advisories

When the database server or libpq client library initializes SSL, libeay32.dll attempts to read configuration from a hard-coded directory. Typically, the directory does not exist, but any local user could create it and inject configuration. This configuration can direct OpenSSL to load and execute arbitrary code as the user running a PostgreSQL s ...

Mailing Lists

Windows OpenSSL engine code injection
=====================================

Project curl Security Advisory, June 24th 2019 - Permalink: curl.haxx.se/docs/CVE-2019-5443.html

VULNERABILITY
-------------

A non-privileged user or program can put code and a config file in a known non-privileged path (under `C:/usr/local/`) that will make cu ...

Github Repositories

Automated, reproducible, transparent, Windows builds for curl, nghttp2, brotli, libssh2 and OpenSSL 1.1. SECURITY NOTICE: It is strongly recommended to upgrade to curl 7.65.1_2 and OpenSSL 1.1.1c_2, released on 2019-06-20, or newer. Previous releases were discovered to have a code injection (and potential privilege escalation) vulnerability triggered via OpenSSL's build co ...