CVE-2019-5443

CWE-94 — Code Injection CWE-4279 documents7 sources

Severity

7.8HIGH

EPSS

1.0%

top 23.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Oracle Mysql Server Netapp Oncommand Unified Manager +3 more

Timeline

PublishedJul 2

Latest updateMay 24

Description

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5curl7.65.1

▶NVDhaxx/curl7.65.1

▶NVDoracle/mysql_server5.0.0 — 5.7.27+1

▶NVDoracle/http_server12.2.1.3.0, 12.2.1.4.0+1

▶NVDoracle/oss_support_tools20.0

Patches

Patch: www.openwall.com ↗Patch: curl.haxx.se ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-79v3-h2vf-vcg6: A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7↗2022-05-24

▶

CVEList

CVE-2019-5443: A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7↗2019-07-02

▶

📋Vendor Advisories

Red Hat

curl: Windows OpenSSL engine code injection↗2019-06-25

▶

Debian

CVE-2019-5443: curl - A non-privileged user or program can put code and a config file in a known non-p...↗2019

▶

💬Community

HackerOne

curl on Windows can be forced to execute code via OpenSSL environment variables↗2021-02-08

▶

Bugzilla

CVE-2019-5443 curl: Windows OpenSSL engine code injection↗2019-11-13

▶

Bugzilla

CVE-2019-10211 postgresql: Windows installer bundled OpenSSL executes code from unprotected directory↗2019-07-30

▶

HackerOne

CVE-2019-5443: Windows Privilege Escalation: Malicious OpenSSL Engine↗2019-06-29

▶