Vulnerabilities > CVE-2019-5436 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3993-1.NASL description Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125355 published 2019-05-23 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125355 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : curl vulnerabilities (USN-3993-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3993-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(125355); script_version("1.4"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2019-5435", "CVE-2019-5436"); script_xref(name:"USN", value:"3993-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : curl vulnerabilities (USN-3993-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3993-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"curl", pkgver:"7.47.0-1ubuntu2.13")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libcurl3", pkgver:"7.47.0-1ubuntu2.13")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libcurl3-gnutls", pkgver:"7.47.0-1ubuntu2.13")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libcurl3-nss", pkgver:"7.47.0-1ubuntu2.13")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"curl", pkgver:"7.58.0-2ubuntu3.7")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libcurl3-gnutls", pkgver:"7.58.0-2ubuntu3.7")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libcurl3-nss", pkgver:"7.58.0-2ubuntu3.7")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libcurl4", pkgver:"7.58.0-2ubuntu3.7")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"curl", pkgver:"7.61.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libcurl3-gnutls", pkgver:"7.61.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libcurl3-nss", pkgver:"7.61.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libcurl4", pkgver:"7.61.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"curl", pkgver:"7.64.0-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libcurl3-gnutls", pkgver:"7.64.0-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libcurl3-nss", pkgver:"7.64.0-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libcurl4", pkgver:"7.64.0-2ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2054.NASL description According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a last seen 2020-05-08 modified 2019-09-24 plugin id 129247 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129247 title EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(129247); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2016-0755", "CVE-2017-7407", "CVE-2018-16842", "CVE-2019-5436" ); script_name(english:"EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407) - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842) - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2054 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3428b002"); script_set_attribute(attribute:"solution", value: "Update the affected curl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcurl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcurl-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["curl-7.29.0-35.h25", "libcurl-7.29.0-35.h25", "libcurl-devel-7.29.0-35.h25"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0237_CURL.NASL description An update of the curl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126195 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126195 title Photon OS 1.0: Curl PHSA-2019-1.0-0237 NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-142-01.NASL description New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125348 published 2019-05-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125348 title Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-142-01) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1233.NASL description A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. (CVE-2019-5436) An integer overflow in curl last seen 2020-06-01 modified 2020-06-02 plugin id 127061 published 2019-07-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127061 title Amazon Linux AMI : curl (ALAS-2019-1233) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1271.NASL description According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134737 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134737 title EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2020-1271) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1924.NASL description According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128927 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128927 title EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1924) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-14064-1.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125473 published 2019-05-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125473 title SUSE SLES11 Security Update : curl (SUSE-SU-2019:14064-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2505.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2505 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-13 modified 2020-06-12 plugin id 137394 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137394 title RHEL 7 : curl (RHSA-2020:2505) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-29.NASL description The remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134606 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134606 title GLSA-202003-29 : cURL: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1357-2.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126443 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126443 title SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:1357-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1363-1.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125536 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125536 title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:1363-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1786.NASL description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-07-25 plugin id 127023 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127023 title EulerOS 2.0 SP8 : curl (EulerOS-SA-2019-1786) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1357-1.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125470 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125470 title SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:1357-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4633.NASL description Multiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used. last seen 2020-03-17 modified 2020-02-25 plugin id 133968 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133968 title Debian DSA-4633-1 : curl - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1809.NASL description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-08-23 plugin id 128101 published 2019-08-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128101 title EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1809) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2009-1.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127749 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127749 title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2009-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1839.NASL description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-09-17 plugin id 128891 published 2019-09-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128891 title EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1839) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DD343A2B7EE711E9A2908DDC52868FA9.NASL description curl security problems : CVE-2019-5435: Integer overflows in curl_url_set() libcurl contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require excessive string input lengths. CVE-2019-5436: TFTP receive buffer overflow libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that recevives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. The flaw exists if the user selects to use a last seen 2020-06-01 modified 2020-06-02 plugin id 125441 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125441 title FreeBSD : curl -- multiple vulnerabilities (dd343a2b-7ee7-11e9-a290-8ddc52868fa9) NASL family Fedora Local Security Checks NASL id FEDORA_2019-3F5B6F0F97.NASL description - fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125424 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125424 title Fedora 30 : curl (2019-3f5b6f0f97) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1492.NASL description This update for curl fixes the following issues : Security issue fixed : - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125693 published 2019-06-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125693 title openSUSE Security Update : curl (openSUSE-2019-1492) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL description curl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl last seen 2020-06-01 modified 2020-06-02 plugin id 128795 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128795 title FreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1804.NASL description cURL, an URL transfer library, contains a heap buffer overflow in the function tftp_receive_packet() that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 125410 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125410 title Debian DLA-1804-1 : curl security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1278.NASL description According to the versions of the curl-openssl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134744 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134744 title EulerOS Virtualization 3.0.2.2 : curl-openssl (EulerOS-SA-2020-1278) NASL family Fedora Local Security Checks NASL id FEDORA_2019-697DE0501F.NASL description - fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set() (CVE-2019-5435) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125786 published 2019-06-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125786 title Fedora 29 : curl (2019-697de0501f) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1792.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-28 plugin id 136051 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136051 title RHEL 8 : curl (RHSA-2020:1792) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1508.NASL description This update for curl fixes the following issues : Security issue fixed : - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125719 published 2019-06-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125719 title openSUSE Security Update : curl (openSUSE-2019-1508) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1020.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1020 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135073 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135073 title RHEL 7 : curl (RHSA-2020:1020) NASL family Scientific Linux Local Security Checks NASL id SL_20200407_CURL_ON_SL7_X.NASL description * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function last seen 2020-04-30 modified 2020-04-21 plugin id 135804 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135804 title Scientific Linux Security Update : curl on SL7.x x86_64 (20200407) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1020.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1020 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-10 plugin id 135317 published 2020-04-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135317 title CentOS 7 : curl (CESA-2020:1020) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1233.NASL description An integer overflow in curl last seen 2020-06-01 modified 2020-06-02 plugin id 126957 published 2019-07-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126957 title Amazon Linux 2 : curl (ALAS-2019-1233)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://curl.haxx.se/docs/CVE-2019-5436.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
- https://security.netapp.com/advisory/ntap-20190606-0004/
- https://support.f5.com/csp/article/K55133295
- http://www.openwall.com/lists/oss-security/2019/09/11/6
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://seclists.org/bugtraq/2020/Feb/36
- https://www.debian.org/security/2020/dsa-4633
- https://security.gentoo.org/glsa/202003-29
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
- https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS