Vulnerability Details CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
- http://www.openwall.com/lists/oss-security/2019/09/11/6
- https://curl.haxx.se/docs/CVE-2019-5436.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
- https://seclists.org/bugtraq/2020/Feb/36
- https://security.gentoo.org/glsa/202003-29
- https://security.netapp.com/advisory/ntap-20190606-0004/
- https://support.f5.com/csp/article/K55133295
- https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS
- https://www.debian.org/security/2020/dsa-4633
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
- http://www.openwall.com/lists/oss-security/2019/09/11/6
- https://curl.haxx.se/docs/CVE-2019-5436.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
- https://seclists.org/bugtraq/2020/Feb/36
- https://security.gentoo.org/glsa/202003-29
- https://security.netapp.com/advisory/ntap-20190606-0004/
- https://support.f5.com/csp/article/K55133295
- https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS
- https://www.debian.org/security/2020/dsa-4633
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Products affected by CVE-2019-5436
-
cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0
-
cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0
-
cpe:2.3:a:haxx:libcurl:7.19.4
-
cpe:2.3:a:haxx:libcurl:7.19.5
-
cpe:2.3:a:haxx:libcurl:7.19.6
-
cpe:2.3:a:haxx:libcurl:7.19.7
-
cpe:2.3:a:haxx:libcurl:7.20.0
-
cpe:2.3:a:haxx:libcurl:7.20.1
-
cpe:2.3:a:haxx:libcurl:7.21.0
-
cpe:2.3:a:haxx:libcurl:7.21.1
-
cpe:2.3:a:haxx:libcurl:7.21.2
-
cpe:2.3:a:haxx:libcurl:7.21.3
-
cpe:2.3:a:haxx:libcurl:7.21.4
-
cpe:2.3:a:haxx:libcurl:7.21.5
-
cpe:2.3:a:haxx:libcurl:7.21.6
-
cpe:2.3:a:haxx:libcurl:7.21.7
-
cpe:2.3:a:haxx:libcurl:7.22.0
-
cpe:2.3:a:haxx:libcurl:7.23.0
-
cpe:2.3:a:haxx:libcurl:7.23.1
-
cpe:2.3:a:haxx:libcurl:7.24.0
-
cpe:2.3:a:haxx:libcurl:7.25.0
-
cpe:2.3:a:haxx:libcurl:7.26.0
-
cpe:2.3:a:haxx:libcurl:7.27.0
-
cpe:2.3:a:haxx:libcurl:7.28.0
-
cpe:2.3:a:haxx:libcurl:7.28.1
-
cpe:2.3:a:haxx:libcurl:7.29.0
-
cpe:2.3:a:haxx:libcurl:7.30.0
-
cpe:2.3:a:haxx:libcurl:7.31.0
-
cpe:2.3:a:haxx:libcurl:7.32.0
-
cpe:2.3:a:haxx:libcurl:7.33.0
-
cpe:2.3:a:haxx:libcurl:7.34.0
-
cpe:2.3:a:haxx:libcurl:7.35.0
-
cpe:2.3:a:haxx:libcurl:7.36.0
-
cpe:2.3:a:haxx:libcurl:7.37.0
-
cpe:2.3:a:haxx:libcurl:7.37.1
-
cpe:2.3:a:haxx:libcurl:7.38.0
-
cpe:2.3:a:haxx:libcurl:7.39
-
cpe:2.3:a:haxx:libcurl:7.39.0
-
cpe:2.3:a:haxx:libcurl:7.40.0
-
cpe:2.3:a:haxx:libcurl:7.41.0
-
cpe:2.3:a:haxx:libcurl:7.42
-
cpe:2.3:a:haxx:libcurl:7.42.0
-
cpe:2.3:a:haxx:libcurl:7.42.1
-
cpe:2.3:a:haxx:libcurl:7.43.0
-
cpe:2.3:a:haxx:libcurl:7.44.0
-
cpe:2.3:a:haxx:libcurl:7.45.0
-
cpe:2.3:a:haxx:libcurl:7.46.0
-
cpe:2.3:a:haxx:libcurl:7.47.0
-
cpe:2.3:a:haxx:libcurl:7.47.1
-
cpe:2.3:a:haxx:libcurl:7.48.0
-
cpe:2.3:a:haxx:libcurl:7.49.0
-
cpe:2.3:a:haxx:libcurl:7.49.1
-
cpe:2.3:a:haxx:libcurl:7.50.0
-
cpe:2.3:a:haxx:libcurl:7.50.1
-
cpe:2.3:a:haxx:libcurl:7.50.2
-
cpe:2.3:a:haxx:libcurl:7.50.3
-
cpe:2.3:a:haxx:libcurl:7.51.0
-
cpe:2.3:a:haxx:libcurl:7.52.0
-
cpe:2.3:a:haxx:libcurl:7.52.1
-
cpe:2.3:a:haxx:libcurl:7.53.0
-
cpe:2.3:a:haxx:libcurl:7.53.1
-
cpe:2.3:a:haxx:libcurl:7.54.0
-
cpe:2.3:a:haxx:libcurl:7.54.1
-
cpe:2.3:a:haxx:libcurl:7.55.0
-
cpe:2.3:a:haxx:libcurl:7.55.1
-
cpe:2.3:a:haxx:libcurl:7.56.0
-
cpe:2.3:a:haxx:libcurl:7.56.1
-
cpe:2.3:a:haxx:libcurl:7.57.0
-
cpe:2.3:a:haxx:libcurl:7.58.0
-
cpe:2.3:a:haxx:libcurl:7.59.0
-
cpe:2.3:a:haxx:libcurl:7.60.0
-
cpe:2.3:a:haxx:libcurl:7.61.0
-
cpe:2.3:a:haxx:libcurl:7.61.1
-
cpe:2.3:a:haxx:libcurl:7.62.0
-
cpe:2.3:a:haxx:libcurl:7.63.0
-
cpe:2.3:a:haxx:libcurl:7.64.0
-
cpe:2.3:a:haxx:libcurl:7.64.1
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0
-
cpe:2.3:a:oracle:mysql_server:-
-
cpe:2.3:a:oracle:mysql_server:5.7.0
-
cpe:2.3:a:oracle:mysql_server:5.7.26
-
cpe:2.3:a:oracle:mysql_server:5.7.27
-
cpe:2.3:a:oracle:mysql_server:5.7.28
-
cpe:2.3:a:oracle:mysql_server:5.7.32
-
cpe:2.3:a:oracle:mysql_server:5.7.33
-
cpe:2.3:a:oracle:mysql_server:5.7.34
-
cpe:2.3:a:oracle:mysql_server:5.7.35
-
cpe:2.3:a:oracle:mysql_server:5.7.36
-
cpe:2.3:a:oracle:mysql_server:5.7.38
-
cpe:2.3:a:oracle:mysql_server:5.7.39
-
cpe:2.3:a:oracle:mysql_server:5.7.40
-
cpe:2.3:a:oracle:mysql_server:5.7.41
-
cpe:2.3:a:oracle:mysql_server:8.0.0
-
cpe:2.3:a:oracle:mysql_server:8.0.15
-
cpe:2.3:a:oracle:mysql_server:8.0.17
-
cpe:2.3:a:oracle:oss_support_tools:20.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:42.3