CVE-2019-3823 — Out-of-bounds Read in Libcurl

CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Haxx Libcurl THE Curl Project Curl +5 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDhaxx/libcurl7.34.0 — 7.64.0

▶Debianhaxx/curl< 7.64.0-1+3

▶NVDoracle/http_server12.2.1.3.0

▶CVEListV5the_curl_project/curl7.64.0

▶NVDoracle/secure_global_desktop5.4

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.redhat.com ↗Patch: curl.haxx.se ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-xmjh-hmw3-hqhr: libcurl versions from 7↗2022-05-13

▶

CVEList

CVE-2019-3823: libcurl versions from 7↗2019-02-06

▶

OSV

CVE-2019-3823: libcurl versions from 7↗2019-02-06

▶

📋Vendor Advisories

Red Hat

curl: SMTP end-of-response out-of-bounds read↗2019-02-06

▶

Ubuntu

curl vulnerabilities↗2019-02-06

▶

Debian

CVE-2019-3823: curl - libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bo...↗2019

▶

💬Community

HackerOne

libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823↗2021-01-08

▶

Bugzilla

CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read [fedora-all]↗2019-02-06

▶

Bugzilla

CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read↗2019-01-29

▶