CVE-2019-5436
Published 2019-05-28

CVE-2019-5436: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Severity: High, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | curl | — | — |
| debian | curl | < curl 7.64.0-4 (bookworm) | curl 7.64.0-4 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| f5 | traffix_signaling_delivery_controller | 5.0.0 – 5.1.0 | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.64.0-4 | 7.64.0-4 |
| haxx | curl | >= 0 < 7.64.0-4 | 7.64.0-4 |
| haxx | curl | >= 0 < 7.64.0-4 | 7.64.0-4 |
| haxx | curl | >= 0 < 7.64.0-4 | 7.64.0-4 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.13 | 7.47.0-1ubuntu2.13 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.7 | 7.58.0-2ubuntu3.7 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm2 | 7.35.0-1ubuntu2.20+esm2 |
| haxx | libcurl | 7.19.4 – 7.64.1 | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | mysql_server | <= 5.7.27 | — |
| oracle | mysql_server | 5.7.28 – 8.0.17 | — |
| oracle | oss_support_tools | — | — |
CVSS provenance
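| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv |  | 7.8 | HIGH |  |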