Vulnerabilities > CVE-2019-5481 - Double Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-254-01.NASL description New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128749 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128749 title Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-254-01) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1340.NASL description Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) last seen 2020-06-01 modified 2020-06-02 plugin id 130236 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130236 title Amazon Linux 2 : curl (ALAS-2019-1340) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0177_CURL.NASL description An update of the curl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 129689 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129689 title Photon OS 2.0: Curl PHSA-2019-2.0-0177 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2101.NASL description According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-12 plugin id 130810 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130810 title EulerOS 2.0 SP8 : curl (EulerOS-SA-2019-2101) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2149.NASL description This update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 128987 published 2019-09-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128987 title openSUSE Security Update : curl (openSUSE-2019-2149) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-29.NASL description The remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134606 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134606 title GLSA-202003-29 : cURL: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2019-F2A520135E.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129424 published 2019-09-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129424 title Fedora 29 : curl (2019-f2a520135e) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4129-1.NASL description Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128754 published 2019-09-12 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128754 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : curl vulnerabilities (USN-4129-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2169.NASL description This update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129338 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129338 title openSUSE Security Update : curl (openSUSE-2019-2169) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4633.NASL description Multiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used. last seen 2020-03-17 modified 2020-02-25 plugin id 133968 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133968 title Debian DSA-4633-1 : curl - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1070.NASL description According to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].(CVE-2019-5482) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2019-5481) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132824 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132824 title EulerOS Virtualization for ARM 64 3.0.5.0 : curl (EulerOS-SA-2020-1070) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL description curl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl last seen 2020-06-01 modified 2020-06-02 plugin id 128795 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128795 title FreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2373-1.NASL description This update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128873 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128873 title SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:2373-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-9E6357D82F.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128978 published 2019-09-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128978 title Fedora 30 : curl (2019-9e6357d82f) NASL family Fedora Local Security Checks NASL id FEDORA_2019-6D7F6FA2C8.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) ---- - avoid reporting spurious error in the HTTP2 framing layer (#1690971) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129626 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129626 title Fedora 31 : curl (2019-6d7f6fa2c8) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1294.NASL description Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481) last seen 2020-06-01 modified 2020-06-02 plugin id 129564 published 2019-10-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129564 title Amazon Linux AMI : curl (ALAS-2019-1294) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0032_CURL.NASL description An update of the curl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 130111 published 2019-10-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130111 title Photon OS 3.0: Curl PHSA-2019-3.0-0032 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1792.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-28 plugin id 136051 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136051 title RHEL 8 : curl (RHSA-2020:1792) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2381-1.NASL description This update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128966 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128966 title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2381-1)
Redhat
| rpms |
|
References
- https://curl.haxx.se/docs/CVE-2019-5481.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
- https://security.netapp.com/advisory/ntap-20191004-0003/
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://seclists.org/bugtraq/2020/Feb/36
- https://www.debian.org/security/2020/dsa-4633
- https://security.gentoo.org/glsa/202003-29
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/