Vulnerabilities > CVE-2019-5481 - Double Free vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
haxx
fedoraproject
netapp
oracle
debian
opensuse
CWE-415
critical
nessus

Summary

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

Vulnerable Configurations

Part Description Count
Application
Haxx
26
Application
Netapp
2
Application
Oracle
17
OS
Fedoraproject
3
OS
Netapp
1
OS
Debian
2
OS
Opensuse
2
Hardware
Netapp
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-254-01.NASL
    descriptionNew curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128749
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128749
    titleSlackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-254-01)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1340.NASL
    descriptionDouble-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482)
    last seen2020-06-01
    modified2020-06-02
    plugin id130236
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130236
    titleAmazon Linux 2 : curl (ALAS-2019-1340)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0177_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id129689
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129689
    titlePhoton OS 2.0: Curl PHSA-2019-2.0-0177
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2101.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130810
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130810
    titleEulerOS 2.0 SP8 : curl (EulerOS-SA-2019-2101)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2149.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128987
    published2019-09-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128987
    titleopenSUSE Security Update : curl (openSUSE-2019-2149)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134606
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134606
    titleGLSA-202003-29 : cURL: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F2A520135E.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129424
    published2019-09-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129424
    titleFedora 29 : curl (2019-f2a520135e)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4129-1.NASL
    descriptionThomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128754
    published2019-09-12
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128754
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : curl vulnerabilities (USN-4129-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2169.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129338
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129338
    titleopenSUSE Security Update : curl (openSUSE-2019-2169)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4633.NASL
    descriptionMultiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used.
    last seen2020-03-17
    modified2020-02-25
    plugin id133968
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133968
    titleDebian DSA-4633-1 : curl - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1070.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].(CVE-2019-5482) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2019-5481) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132824
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132824
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : curl (EulerOS-SA-2020-1070)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL
    descriptioncurl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl
    last seen2020-06-01
    modified2020-06-02
    plugin id128795
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128795
    titleFreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2373-1.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128873
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128873
    titleSUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:2373-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9E6357D82F.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128978
    published2019-09-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128978
    titleFedora 30 : curl (2019-9e6357d82f)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6D7F6FA2C8.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) ---- - avoid reporting spurious error in the HTTP2 framing layer (#1690971) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129626
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129626
    titleFedora 31 : curl (2019-6d7f6fa2c8)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1294.NASL
    descriptionHeap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481)
    last seen2020-06-01
    modified2020-06-02
    plugin id129564
    published2019-10-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129564
    titleAmazon Linux AMI : curl (ALAS-2019-1294)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0032_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id130111
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130111
    titlePhoton OS 3.0: Curl PHSA-2019-3.0-0032
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1792.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-28
    plugin id136051
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136051
    titleRHEL 8 : curl (RHSA-2020:1792)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2381-1.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128966
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128966
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2381-1)

Redhat

rpms
  • curl-0:7.61.1-12.el8
  • curl-debuginfo-0:7.61.1-12.el8
  • curl-debugsource-0:7.61.1-12.el8
  • curl-minimal-debuginfo-0:7.61.1-12.el8
  • libcurl-0:7.61.1-12.el8
  • libcurl-debuginfo-0:7.61.1-12.el8
  • libcurl-devel-0:7.61.1-12.el8
  • libcurl-minimal-0:7.61.1-12.el8
  • libcurl-minimal-debuginfo-0:7.61.1-12.el8

References