Vulnerabilities > CVE-2019-5436 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Vulnerable Configurations

Part Description Count
Application
Haxx
77
Application
F5
2
Application
Netapp
3
Application
Oracle
20
OS
Opensuse
3
OS
Fedoraproject
1
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3993-1.NASL
    descriptionWenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125355
    published2019-05-23
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125355
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : curl vulnerabilities (USN-3993-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3993-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125355);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-5435", "CVE-2019-5436");
      script_xref(name:"USN", value:"3993-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : curl vulnerabilities (USN-3993-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wenchao Li discovered that curl incorrectly handled memory in the
    curl_url_set() function. A remote attacker could use this issue to
    cause curl to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 19.04.
    (CVE-2019-5435)
    
    It was discovered that curl incorrectly handled memory when receiving
    data from a TFTP server. A remote attacker could use this issue to
    cause curl to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2019-5436).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3993-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"curl", pkgver:"7.47.0-1ubuntu2.13")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libcurl3", pkgver:"7.47.0-1ubuntu2.13")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libcurl3-gnutls", pkgver:"7.47.0-1ubuntu2.13")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libcurl3-nss", pkgver:"7.47.0-1ubuntu2.13")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"curl", pkgver:"7.58.0-2ubuntu3.7")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libcurl3-gnutls", pkgver:"7.58.0-2ubuntu3.7")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libcurl3-nss", pkgver:"7.58.0-2ubuntu3.7")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libcurl4", pkgver:"7.58.0-2ubuntu3.7")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"curl", pkgver:"7.61.0-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"libcurl3-gnutls", pkgver:"7.61.0-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"libcurl3-nss", pkgver:"7.61.0-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"libcurl4", pkgver:"7.61.0-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"curl", pkgver:"7.64.0-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"libcurl3-gnutls", pkgver:"7.64.0-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"libcurl3-nss", pkgver:"7.64.0-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"libcurl4", pkgver:"7.64.0-2ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2054.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a
    last seen2020-05-08
    modified2019-09-24
    plugin id129247
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129247
    titleEulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129247);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2016-0755",
        "CVE-2017-7407",
        "CVE-2018-16842",
        "CVE-2019-5436"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the curl packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - A heap buffer overflow in the TFTP receiving code
        allows for DoS or arbitrary code execution in libcurl
        versions 7.19.4 through 7.64.1.(CVE-2019-5436)
    
      - The ourWriteOut function in tool_writeout.c in curl
        7.53.1 might allow physically proximate attackers to
        obtain sensitive information from process memory in
        opportunistic circumstances by reading a workstation
        screen during use of a --write-out argument ending in a
        '%' character, which leads to a heap-based buffer
        over-read.(CVE-2017-7407)
    
      - Curl versions 7.14.1 through 7.61.1 are vulnerable to a
        heap-based buffer over-read in the tool_msgs.c:voutf()
        function that may result in information exposure and
        denial of service.(CVE-2018-16842)
    
      - The ConnectionExists function in lib/url.c in libcurl
        before 7.47.0 does not properly re-use
        NTLM-authenticated proxy connections, which might allow
        remote attackers to authenticate as other users via a
        request, a similar issue to
        CVE-2014-0015.(CVE-2016-0755)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2054
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3428b002");
      script_set_attribute(attribute:"solution", value:
    "Update the affected curl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["curl-7.29.0-35.h25",
            "libcurl-7.29.0-35.h25",
            "libcurl-devel-7.29.0-35.h25"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0237_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126195
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126195
    titlePhoton OS 1.0: Curl PHSA-2019-1.0-0237
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-142-01.NASL
    descriptionNew curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125348
    published2019-05-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125348
    titleSlackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-142-01)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1233.NASL
    descriptionA heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. (CVE-2019-5436) An integer overflow in curl
    last seen2020-06-01
    modified2020-06-02
    plugin id127061
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127061
    titleAmazon Linux AMI : curl (ALAS-2019-1233)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1271.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134737
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134737
    titleEulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2020-1271)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1924.NASL
    descriptionAccording to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128927
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128927
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1924)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14064-1.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125473
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125473
    titleSUSE SLES11 Security Update : curl (SUSE-SU-2019:14064-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2505.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2505 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-13
    modified2020-06-12
    plugin id137394
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137394
    titleRHEL 7 : curl (RHSA-2020:2505)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134606
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134606
    titleGLSA-202003-29 : cURL: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1357-2.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126443
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126443
    titleSUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:1357-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1363-1.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125536
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125536
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:1363-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1786.NASL
    descriptionAccording to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-07-25
    plugin id127023
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127023
    titleEulerOS 2.0 SP8 : curl (EulerOS-SA-2019-1786)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1357-1.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125470
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125470
    titleSUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:1357-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4633.NASL
    descriptionMultiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used.
    last seen2020-03-17
    modified2020-02-25
    plugin id133968
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133968
    titleDebian DSA-4633-1 : curl - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1809.NASL
    descriptionAccording to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-08-23
    plugin id128101
    published2019-08-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128101
    titleEulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1809)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2009-1.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127749
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127749
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2009-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1839.NASL
    descriptionAccording to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-09-17
    plugin id128891
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128891
    titleEulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1839)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DD343A2B7EE711E9A2908DDC52868FA9.NASL
    descriptioncurl security problems : CVE-2019-5435: Integer overflows in curl_url_set() libcurl contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require excessive string input lengths. CVE-2019-5436: TFTP receive buffer overflow libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that recevives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. The flaw exists if the user selects to use a
    last seen2020-06-01
    modified2020-06-02
    plugin id125441
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125441
    titleFreeBSD : curl -- multiple vulnerabilities (dd343a2b-7ee7-11e9-a290-8ddc52868fa9)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3F5B6F0F97.NASL
    description - fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125424
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125424
    titleFedora 30 : curl (2019-3f5b6f0f97)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1492.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125693
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125693
    titleopenSUSE Security Update : curl (openSUSE-2019-1492)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL
    descriptioncurl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl
    last seen2020-06-01
    modified2020-06-02
    plugin id128795
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128795
    titleFreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1804.NASL
    descriptioncURL, an URL transfer library, contains a heap buffer overflow in the function tftp_receive_packet() that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125410
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125410
    titleDebian DLA-1804-1 : curl security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1278.NASL
    descriptionAccording to the versions of the curl-openssl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134744
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134744
    titleEulerOS Virtualization 3.0.2.2 : curl-openssl (EulerOS-SA-2020-1278)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-697DE0501F.NASL
    description - fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125786
    published2019-06-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125786
    titleFedora 29 : curl (2019-697de0501f)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1792.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-28
    plugin id136051
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136051
    titleRHEL 8 : curl (RHSA-2020:1792)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1508.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125719
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125719
    titleopenSUSE Security Update : curl (openSUSE-2019-1508)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1020.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1020 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135073
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135073
    titleRHEL 7 : curl (RHSA-2020:1020)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_CURL_ON_SL7_X.NASL
    description* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function
    last seen2020-04-30
    modified2020-04-21
    plugin id135804
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135804
    titleScientific Linux Security Update : curl on SL7.x x86_64 (20200407)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1020.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1020 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135317
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135317
    titleCentOS 7 : curl (CESA-2020:1020)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1233.NASL
    descriptionAn integer overflow in curl
    last seen2020-06-01
    modified2020-06-02
    plugin id126957
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126957
    titleAmazon Linux 2 : curl (ALAS-2019-1233)

Redhat

advisories
bugzilla
id1769307
titlecurl fails while attempting to POST a char device
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentlibcurl-devel is earlier than 0:7.29.0-57.el7
          ovaloval:com.redhat.rhsa:tst:20201020001
        • commentlibcurl-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918012
      • AND
        • commentlibcurl is earlier than 0:7.29.0-57.el7
          ovaloval:com.redhat.rhsa:tst:20201020003
        • commentlibcurl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918014
      • AND
        • commentcurl is earlier than 0:7.29.0-57.el7
          ovaloval:com.redhat.rhsa:tst:20201020005
        • commentcurl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918016
rhsa
idRHSA-2020:1020
released2020-03-31
severityLow
titleRHSA-2020:1020: curl security and bug fix update (Low)
rpms
  • curl-0:7.29.0-57.el7
  • curl-debuginfo-0:7.29.0-57.el7
  • libcurl-0:7.29.0-57.el7
  • libcurl-devel-0:7.29.0-57.el7
  • curl-0:7.61.1-12.el8
  • curl-debuginfo-0:7.61.1-12.el8
  • curl-debugsource-0:7.61.1-12.el8
  • curl-minimal-debuginfo-0:7.61.1-12.el8
  • libcurl-0:7.61.1-12.el8
  • libcurl-debuginfo-0:7.61.1-12.el8
  • libcurl-devel-0:7.61.1-12.el8
  • libcurl-minimal-0:7.61.1-12.el8
  • libcurl-minimal-debuginfo-0:7.61.1-12.el8

References