Vulnerabilities > CVE-2019-5482 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
haxx
fedoraproject
opensuse
netapp
oracle
debian
CWE-787
critical
nessus

Summary

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Vulnerable Configurations

Part Description Count
Application
Haxx
80
Application
Netapp
9
Application
Oracle
20
OS
Fedoraproject
3
OS
Opensuse
2
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5561.NASL
    descriptionDescription of changes: [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462
    last seen2020-03-18
    modified2020-03-10
    plugin id134358
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134358
    titleOracle Linux 6 : curl (ELSA-2020-5561)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2020-5561.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134358);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2019-5482");
    
      script_name(english:"Oracle Linux 6 : curl (ELSA-2020-5561)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [7.19.7-54.0.2]
    - Fix TFTP small blocksize heap buffer overflow 
    (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724]
    462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-March/009686.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected curl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"curl-7.19.7-54.0.2.el6_10")) flag++;
    if (rpm_check(release:"EL6", reference:"libcurl-7.19.7-54.0.2.el6_10")) flag++;
    if (rpm_check(release:"EL6", reference:"libcurl-devel-7.19.7-54.0.2.el6_10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl / libcurl-devel");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-254-01.NASL
    descriptionNew curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128749
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128749
    titleSlackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-254-01)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5562.NASL
    descriptionDescription of changes: [7.29.0-54.0.5.el7_7.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724]
    last seen2020-03-18
    modified2020-03-10
    plugin id134359
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134359
    titleOracle Linux 7 : curl (ELSA-2020-5562)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1340.NASL
    descriptionDouble-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482)
    last seen2020-06-01
    modified2020-06-02
    plugin id130236
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130236
    titleAmazon Linux 2 : curl (ALAS-2019-1340)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1917.NASL
    descriptionIt was discovered that there was a heap buffer overflow vulnerability in curl, the library and command-line tool for transferring data over the internet. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id128777
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128777
    titleDebian DLA-1917-1 : curl security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL
    descriptionOracle reports : This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist in their software
    last seen2020-05-19
    modified2020-04-24
    plugin id135941
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135941
    titleFreeBSD : MySQL Server -- Multiple vulerabilities (21d59ea3-8559-11ea-a5e2-d4c9ef517024)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2020_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the Networking (Oracle Security Service) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2018-11058) - An unspecified vulnerability in the Networking (RSA Bsafe) component of Oracle Enterprise Manager Ops Center. A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-1547) - An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5482)
    last seen2020-05-08
    modified2020-01-20
    plugin id133091
    published2020-01-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133091
    titleOracle Enterprise Manager Ops Center (Jan 2020 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1271.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134737
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134737
    titleEulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2020-1271)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0177_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id129689
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129689
    titlePhoton OS 2.0: Curl PHSA-2019-2.0-0177
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2101.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130810
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130810
    titleEulerOS 2.0 SP8 : curl (EulerOS-SA-2019-2101)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2149.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128987
    published2019-09-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128987
    titleopenSUSE Security Update : curl (openSUSE-2019-2149)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2136.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-12
    plugin id130845
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130845
    titleEulerOS 2.0 SP5 : curl (EulerOS-SA-2019-2136)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134606
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134606
    titleGLSA-202003-29 : cURL: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F2A520135E.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129424
    published2019-09-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129424
    titleFedora 29 : curl (2019-f2a520135e)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4129-1.NASL
    descriptionThomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128754
    published2019-09-12
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128754
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : curl vulnerabilities (USN-4129-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2169.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129338
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129338
    titleopenSUSE Security Update : curl (openSUSE-2019-2169)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1233.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134522
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134522
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1233)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4633.NASL
    descriptionMultiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used.
    last seen2020-03-17
    modified2020-02-25
    plugin id133968
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133968
    titleDebian DSA-4633-1 : curl - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2410.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.(CVE-2015-3153) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842) - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131902
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131902
    titleEulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1070.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].(CVE-2019-5482) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2019-5481) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132824
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132824
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : curl (EulerOS-SA-2020-1070)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL
    descriptioncurl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl
    last seen2020-06-01
    modified2020-06-02
    plugin id128795
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128795
    titleFreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2339-2.NASL
    descriptionThis update for curl fixes the following issues : Security issue fixed : CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128870
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128870
    titleSUSE SLES12 Security Update : curl (SUSE-SU-2019:2339-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2373-1.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128873
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128873
    titleSUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:2373-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9E6357D82F.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128978
    published2019-09-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128978
    titleFedora 30 : curl (2019-9e6357d82f)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2252.NASL
    descriptionAccording to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130714
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130714
    titleEulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2252)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6D7F6FA2C8.NASL
    description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) ---- - avoid reporting spurious error in the HTTP2 framing layer (#1690971) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129626
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129626
    titleFedora 31 : curl (2019-6d7f6fa2c8)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1278.NASL
    descriptionAccording to the versions of the curl-openssl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134744
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134744
    titleEulerOS Virtualization 3.0.2.2 : curl-openssl (EulerOS-SA-2020-1278)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1294.NASL
    descriptionHeap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481)
    last seen2020-06-01
    modified2020-06-02
    plugin id129564
    published2019-10-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129564
    titleAmazon Linux AMI : curl (ALAS-2019-1294)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0032_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id130111
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130111
    titlePhoton OS 3.0: Curl PHSA-2019-3.0-0032
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1792.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-28
    plugin id136051
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136051
    titleRHEL 8 : curl (RHSA-2020:1792)
  • NASL familyDatabases
    NASL idMYSQL_8_0_19.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.19. It is, therefore, affected by multiple vulnerabilities, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (cURL)). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. This easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server (CVE-2019-5482). - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2573) - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-05-08
    modified2020-01-16
    plugin id132958
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132958
    titleMySQL 8.0.x < 8.0.19 Multiple Vulnerabilities (Jan 2020 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2381-1.NASL
    descriptionThis update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128966
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128966
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2381-1)
  • NASL familyDatabases
    NASL idMYSQL_5_7_29.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.29. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (cURL)). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server (CVE-2019-5482). - Unspecified vulnerability in the optimizer component of Oracle MySQL Server. An authenticated, remote attacker could exploit this issue, to compromise the availability of the application (CVE-2020-2579). - Unspecified vulnerabilities in the InnoDB component of Oracle MySQL Server. An authenticated, remote attacker could exploit these issues, to compromise the availability of the application (CVE-2020-2577, CVE-2020-2589). Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-05-08
    modified2020-01-16
    plugin id132957
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132957
    titleMySQL 5.7.x < 5.7.29 Multiple Vulnerabilities (Jan 2020 CPU)

Redhat

advisories
bugzilla
id1749652
titleCVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentcurl-debugsource is earlier than 0:7.61.1-12.el8
          ovaloval:com.redhat.rhsa:tst:20201792001
        • commentcurl-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193701006
      • AND
        • commentlibcurl-minimal is earlier than 0:7.61.1-12.el8
          ovaloval:com.redhat.rhsa:tst:20201792003
        • commentlibcurl-minimal is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193701004
      • AND
        • commentlibcurl-devel is earlier than 0:7.61.1-12.el8
          ovaloval:com.redhat.rhsa:tst:20201792005
        • commentlibcurl-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918012
      • AND
        • commentlibcurl is earlier than 0:7.61.1-12.el8
          ovaloval:com.redhat.rhsa:tst:20201792007
        • commentlibcurl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918014
      • AND
        • commentcurl is earlier than 0:7.61.1-12.el8
          ovaloval:com.redhat.rhsa:tst:20201792009
        • commentcurl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110918016
rhsa
idRHSA-2020:1792
released2020-04-28
severityModerate
titleRHSA-2020:1792: curl security update (Moderate)
rpms
  • curl-0:7.61.1-12.el8
  • curl-debuginfo-0:7.61.1-12.el8
  • curl-debugsource-0:7.61.1-12.el8
  • curl-minimal-debuginfo-0:7.61.1-12.el8
  • libcurl-0:7.61.1-12.el8
  • libcurl-debuginfo-0:7.61.1-12.el8
  • libcurl-devel-0:7.61.1-12.el8
  • libcurl-minimal-0:7.61.1-12.el8
  • libcurl-minimal-debuginfo-0:7.61.1-12.el8

References