CVE-2019-3822Stack-based Buffer Overflow in Libcurl

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write10 documents8 sources
Severity
9.8CRITICALNVD
EPSS
16.6%
top 5.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Haxx CurlHaxx LibcurlOracle Mysql Server+11 more
Timeline
PublishedFeb 6
Latest updateMay 13

Description

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

NVDoracle/http_server12.2.1.3.0
NVDhaxx/libcurl7.36.07.64.0
NVDoracle/mysql_server5.7.278.0.15+1
Debianhaxx/curl< 7.64.0-1+3

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: curl.haxx.sePatch: security.netapp.com

🔴Vulnerability Details

4
GHSA
GHSA-8wr2-mqj7-7vxp: libcurl versions from 72022-05-13
OSV
CVE-2019-3822: libcurl versions from 72019-02-06
CVEList
CVE-2019-3822: libcurl versions from 72019-02-06
OSV
curl vulnerabilities2019-02-06

📋Vendor Advisories

3
Red Hat
curl: NTLMv2 type-3 header stack buffer overflow2019-02-06
Ubuntu
curl vulnerabilities2019-02-06
Debian
CVE-2019-3822: curl - libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based bu...2019

💬Community

2
Bugzilla
CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow [fedora-all]2019-02-06
Bugzilla
CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow2019-01-29
CVE-2019-3822 — Stack-based Buffer Overflow in Libcurl | cvebase