Vulnerability Details CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/106950
- https://access.redhat.com/errata/RHSA-2019:3701
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
- https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
- https://curl.haxx.se/docs/CVE-2019-3823.html
- https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
- https://security.gentoo.org/glsa/201903-03
- https://security.netapp.com/advisory/ntap-20190315-0001/
- https://usn.ubuntu.com/3882-1/
- https://www.debian.org/security/2019/dsa-4386
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.securityfocus.com/bid/106950
- https://access.redhat.com/errata/RHSA-2019:3701
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
- https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
- https://curl.haxx.se/docs/CVE-2019-3823.html
- https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
- https://security.gentoo.org/glsa/201903-03
- https://security.netapp.com/advisory/ntap-20190315-0001/
- https://usn.ubuntu.com/3882-1/
- https://www.debian.org/security/2019/dsa-4386
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Products affected by CVE-2019-3823
-
cpe:2.3:a:haxx:libcurl:7.34.0
-
cpe:2.3:a:haxx:libcurl:7.35.0
-
cpe:2.3:a:haxx:libcurl:7.36.0
-
cpe:2.3:a:haxx:libcurl:7.37.0
-
cpe:2.3:a:haxx:libcurl:7.37.1
-
cpe:2.3:a:haxx:libcurl:7.38.0
-
cpe:2.3:a:haxx:libcurl:7.39
-
cpe:2.3:a:haxx:libcurl:7.39.0
-
cpe:2.3:a:haxx:libcurl:7.40.0
-
cpe:2.3:a:haxx:libcurl:7.41.0
-
cpe:2.3:a:haxx:libcurl:7.42
-
cpe:2.3:a:haxx:libcurl:7.42.0
-
cpe:2.3:a:haxx:libcurl:7.42.1
-
cpe:2.3:a:haxx:libcurl:7.43.0
-
cpe:2.3:a:haxx:libcurl:7.44.0
-
cpe:2.3:a:haxx:libcurl:7.45.0
-
cpe:2.3:a:haxx:libcurl:7.46.0
-
cpe:2.3:a:haxx:libcurl:7.47.0
-
cpe:2.3:a:haxx:libcurl:7.47.1
-
cpe:2.3:a:haxx:libcurl:7.48.0
-
cpe:2.3:a:haxx:libcurl:7.49.0
-
cpe:2.3:a:haxx:libcurl:7.49.1
-
cpe:2.3:a:haxx:libcurl:7.50.0
-
cpe:2.3:a:haxx:libcurl:7.50.1
-
cpe:2.3:a:haxx:libcurl:7.50.2
-
cpe:2.3:a:haxx:libcurl:7.50.3
-
cpe:2.3:a:haxx:libcurl:7.51.0
-
cpe:2.3:a:haxx:libcurl:7.52.0
-
cpe:2.3:a:haxx:libcurl:7.52.1
-
cpe:2.3:a:haxx:libcurl:7.53.0
-
cpe:2.3:a:haxx:libcurl:7.53.1
-
cpe:2.3:a:haxx:libcurl:7.54.0
-
cpe:2.3:a:haxx:libcurl:7.54.1
-
cpe:2.3:a:haxx:libcurl:7.55.0
-
cpe:2.3:a:haxx:libcurl:7.55.1
-
cpe:2.3:a:haxx:libcurl:7.56.0
-
cpe:2.3:a:haxx:libcurl:7.56.1
-
cpe:2.3:a:haxx:libcurl:7.57.0
-
cpe:2.3:a:haxx:libcurl:7.58.0
-
cpe:2.3:a:haxx:libcurl:7.59.0
-
cpe:2.3:a:haxx:libcurl:7.60.0
-
cpe:2.3:a:haxx:libcurl:7.61.0
-
cpe:2.3:a:haxx:libcurl:7.61.1
-
cpe:2.3:a:haxx:libcurl:7.62.0
-
cpe:2.3:a:haxx:libcurl:7.63.0
-
cpe:2.3:a:oracle:communications_operations_monitor:3.4
-
cpe:2.3:a:oracle:communications_operations_monitor:4.0
-
cpe:2.3:a:oracle:http_server:12.2.1.3.0
-
cpe:2.3:a:oracle:secure_global_desktop:5.4
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:netapp:clustered_data_ontap:-
-
cpe:2.3:o:netapp:clustered_data_ontap:8.2
-
cpe:2.3:o:netapp:clustered_data_ontap:8.3
-
cpe:2.3:o:netapp:clustered_data_ontap:9.0
-
cpe:2.3:o:netapp:clustered_data_ontap:9.1
-
cpe:2.3:o:netapp:clustered_data_ontap:9.10.0
-
cpe:2.3:o:netapp:clustered_data_ontap:9.10.1
-
cpe:2.3:o:netapp:clustered_data_ontap:9.11.1
-
cpe:2.3:o:netapp:clustered_data_ontap:9.12.0
-
cpe:2.3:o:netapp:clustered_data_ontap:9.12.1
-
cpe:2.3:o:netapp:clustered_data_ontap:9.13.0
-
cpe:2.3:o:netapp:clustered_data_ontap:9.13.1
-
cpe:2.3:o:netapp:clustered_data_ontap:9.14.0
-
cpe:2.3:o:netapp:clustered_data_ontap:9.2
-
cpe:2.3:o:netapp:clustered_data_ontap:9.3
-
cpe:2.3:o:netapp:clustered_data_ontap:9.4
-
cpe:2.3:o:netapp:clustered_data_ontap:9.5
-
cpe:2.3:o:netapp:clustered_data_ontap:9.6
-
cpe:2.3:o:netapp:clustered_data_ontap:9.7
-
cpe:2.3:o:netapp:clustered_data_ontap:9.8
-
cpe:2.3:o:netapp:clustered_data_ontap:9.9.1