Vulnerabilities > CVE-2019-5482 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-5561.NASL description Description of changes: [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462 last seen 2020-03-18 modified 2020-03-10 plugin id 134358 published 2020-03-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134358 title Oracle Linux 6 : curl (ELSA-2020-5561) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2020-5561. # include("compat.inc"); if (description) { script_id(134358); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2019-5482"); script_name(english:"Oracle Linux 6 : curl (ELSA-2020-5561)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Description of changes: [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-March/009686.html" ); script_set_attribute(attribute:"solution", value:"Update the affected curl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libcurl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libcurl-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/16"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"curl-7.19.7-54.0.2.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"libcurl-7.19.7-54.0.2.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"libcurl-devel-7.19.7-54.0.2.el6_10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl / libcurl-devel"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-254-01.NASL description New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128749 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128749 title Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-254-01) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-5562.NASL description Description of changes: [7.29.0-54.0.5.el7_7.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] last seen 2020-03-18 modified 2020-03-10 plugin id 134359 published 2020-03-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134359 title Oracle Linux 7 : curl (ELSA-2020-5562) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1340.NASL description Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) last seen 2020-06-01 modified 2020-06-02 plugin id 130236 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130236 title Amazon Linux 2 : curl (ALAS-2019-1340) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1917.NASL description It was discovered that there was a heap buffer overflow vulnerability in curl, the library and command-line tool for transferring data over the internet. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 128777 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128777 title Debian DLA-1917-1 : curl security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL description Oracle reports : This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist in their software last seen 2020-05-19 modified 2020-04-24 plugin id 135941 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135941 title FreeBSD : MySQL Server -- Multiple vulerabilities (21d59ea3-8559-11ea-a5e2-d4c9ef517024) NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2020_CPU.NASL description The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the Networking (Oracle Security Service) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2018-11058) - An unspecified vulnerability in the Networking (RSA Bsafe) component of Oracle Enterprise Manager Ops Center. A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-1547) - An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5482) last seen 2020-05-08 modified 2020-01-20 plugin id 133091 published 2020-01-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133091 title Oracle Enterprise Manager Ops Center (Jan 2020 CPU) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1271.NASL description According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134737 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134737 title EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2020-1271) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0177_CURL.NASL description An update of the curl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 129689 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129689 title Photon OS 2.0: Curl PHSA-2019-2.0-0177 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2101.NASL description According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-12 plugin id 130810 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130810 title EulerOS 2.0 SP8 : curl (EulerOS-SA-2019-2101) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2149.NASL description This update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 128987 published 2019-09-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128987 title openSUSE Security Update : curl (openSUSE-2019-2149) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2136.NASL description According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-12 plugin id 130845 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130845 title EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-2136) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-29.NASL description The remote host is affected by the vulnerability described in GLSA-202003-29 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134606 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134606 title GLSA-202003-29 : cURL: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2019-F2A520135E.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129424 published 2019-09-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129424 title Fedora 29 : curl (2019-f2a520135e) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4129-1.NASL description Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128754 published 2019-09-12 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128754 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : curl vulnerabilities (USN-4129-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2169.NASL description This update for curl fixes the following issues : Security issues fixed : - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129338 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129338 title openSUSE Security Update : curl (openSUSE-2019-2169) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1233.NASL description According to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134522 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134522 title EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1233) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4633.NASL description Multiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch). - CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. - CVE-2019-5482 Thomas Vegas discovered a heap buffer overflow that could be triggered when a small non-default TFTP blocksize is used. last seen 2020-03-17 modified 2020-02-25 plugin id 133968 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133968 title Debian DSA-4633-1 : curl - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2410.NASL description According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.(CVE-2015-3153) - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842) - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131902 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131902 title EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1070.NASL description According to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].(CVE-2019-5482) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2019-5481) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132824 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132824 title EulerOS Virtualization for ARM 64 3.0.5.0 : curl (EulerOS-SA-2020-1070) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9FB4E57BD65A11E98A5FE5C82B486287.NASL description curl security problems : CVE-2019-5481: FTP-KRB double-free libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl last seen 2020-06-01 modified 2020-06-02 plugin id 128795 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128795 title FreeBSD : curl -- multiple vulnerabilities (9fb4e57b-d65a-11e9-8a5f-e5c82b486287) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2339-2.NASL description This update for curl fixes the following issues : Security issue fixed : CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128870 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128870 title SUSE SLES12 Security Update : curl (SUSE-SU-2019:2339-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2373-1.NASL description This update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128873 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128873 title SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:2373-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-9E6357D82F.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128978 published 2019-09-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128978 title Fedora 30 : curl (2019-9e6357d82f) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2252.NASL description According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130714 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130714 title EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2252) NASL family Fedora Local Security Checks NASL id FEDORA_2019-6D7F6FA2C8.NASL description - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) ---- - avoid reporting spurious error in the HTTP2 framing layer (#1690971) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129626 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129626 title Fedora 31 : curl (2019-6d7f6fa2c8) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1278.NASL description According to the versions of the curl-openssl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436) - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134744 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134744 title EulerOS Virtualization 3.0.2.2 : curl-openssl (EulerOS-SA-2020-1278) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1294.NASL description Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481) last seen 2020-06-01 modified 2020-06-02 plugin id 129564 published 2019-10-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129564 title Amazon Linux AMI : curl (ALAS-2019-1294) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0032_CURL.NASL description An update of the curl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 130111 published 2019-10-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130111 title Photon OS 3.0: Curl PHSA-2019-3.0-0032 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1792.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) - curl: double free due to subsequent call of realloc() (CVE-2019-5481) - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-28 plugin id 136051 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136051 title RHEL 8 : curl (RHSA-2020:1792) NASL family Databases NASL id MYSQL_8_0_19.NASL description The version of MySQL running on the remote host is 8.0.x prior to 8.0.19. It is, therefore, affected by multiple vulnerabilities, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (cURL)). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. This easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server (CVE-2019-5482). - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2573) - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-05-08 modified 2020-01-16 plugin id 132958 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132958 title MySQL 8.0.x < 8.0.19 Multiple Vulnerabilities (Jan 2020 CPU) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2381-1.NASL description This update for curl fixes the following issues : Security issues fixed : CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128966 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128966 title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:2381-1) NASL family Databases NASL id MYSQL_5_7_29.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.29. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (cURL)). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server (CVE-2019-5482). - Unspecified vulnerability in the optimizer component of Oracle MySQL Server. An authenticated, remote attacker could exploit this issue, to compromise the availability of the application (CVE-2020-2579). - Unspecified vulnerabilities in the InnoDB component of Oracle MySQL Server. An authenticated, remote attacker could exploit these issues, to compromise the availability of the application (CVE-2020-2577, CVE-2020-2589). Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-05-08 modified 2020-01-16 plugin id 132957 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132957 title MySQL 5.7.x < 5.7.29 Multiple Vulnerabilities (Jan 2020 CPU)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://curl.haxx.se/docs/CVE-2019-5482.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
- https://security.netapp.com/advisory/ntap-20191004-0003/
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://seclists.org/bugtraq/2020/Feb/36
- https://www.debian.org/security/2020/dsa-4633
- https://security.gentoo.org/glsa/202003-29
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/