CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2019-5481 [CRITICAL] CWE-415 GHSA-hr98-frg6-wvvr: Double-free vulnerability in the FTP-kerberos code in cURL 7 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2019-5481 [CRITICAL] CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2019-5481 [CRITICAL] curl vulnerabilities curl vulnerabilities Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482)

CVE-2019-5481 [CRITICAL] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2019-5481 [CRITICAL] CWE-416 curl: double free due to subsequent call of realloc() curl: double free due to subsequent call of realloc() Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Not affected Package: rh-dotnet22-curl (.NET Core 2.2 on Red Hat Enterprise Linux) - Not affected Package: curl (Red Hat Enterprise Linux 5) - Not affected Package: curl (Red Hat Enterprise Linux 6) - Not affected Package: curl (Red Hat Enterprise Linux 7) - Not affected Package: curl (Red Hat JBoss Web Server 5) - Not affected Package: httpd24-curl (Red Hat Software Collections) - Will not fix

CVE-2019-5481 [CRITICAL] CVE-2019-5481: curl - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Scope: local bookworm: resolved (fixed in 7.66.0-1) bullseye: resolved (fixed in 7.66.0-1) forky: resolved (fixed in 7.66.0-1) sid: resolved (fixed in 7.66.0-1) trixie: resolved (fixed in 7.66.0-1)

CVE-2019-5481 [CRITICAL] CVE-2019-5481: krb5: double-free in read_data() after realloc() fail CVE-2019-5481: krb5: double-free in read_data() after realloc() fail ## Summary: In 'lib/security.c', there is a double-free of the reference 'buf->data' on the teardown path if 'Curl_saferealloc()' fails. Also, since we read 'len' from the 'fd', the sender might be able to remotely trigger a realloc() failure, and then the double-free, by sending the value 0x7fffffff. Introduced by 0649433da realloc: use Curl_saferealloc to avoid common mistakes ## Steps To Reproduce: Actual double-free was not reproduced. The realloc failure with particular 'len' value can be reproduced on my 32bits linux machine with following code: ```C #include #include int main(void) { void *ptr = malloc(10); if (!ptr) return -1; int len = 0x7fffffff; void *ptr2 = realloc(ptr, len); if (!ptr2) { printf("Triggere

CVE-2019-5481 [CRITICAL] CVE-2019-5481 mingw-curl: curl: double free due to subsequent call of realloc() [epel-7] CVE-2019-5481 mingw-curl: curl: double free due to subsequent call of realloc() [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. Discussion: Use the following template to fo

CVE-2019-5481 [CRITICAL] CVE-2019-5481 mingw-curl: curl: double free due to subsequent call of realloc() [fedora-all] CVE-2019-5481 mingw-curl: curl: double free due to subsequent call of realloc() [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple sup

CVE-2019-5481 [CRITICAL] CVE-2019-5481 curl: double free due to subsequent call of realloc() [fedora-all] CVE-2019-5481 curl: double free due to subsequent call of realloc() [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versi

CVE-2019-5481 [CRITICAL] CVE-2019-5481 curl: double free due to subsequent call of realloc() CVE-2019-5481 curl: double free due to subsequent call of realloc() During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following. A malicious or just broken server can claim to send a very large block and if by doing that it makes curl's subsequent call to `realloc()` to fail, curl would then misbehave in the exit path and double-free the memory. Discussion: Acknowledgments: Name: the Curl project Upstream: Thomas Vegas --- What is the impact and cvss score for this issue? https://access.redhat.com/security/cve/CVE-2019-5481 gives me 404. --- Upstream patch: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5 This flaw was introduced in November

PTAuth: Temporal Memory Safety via Robust Points-to Authentication : Temporal Memory Safety via Robust Points-to Authentication Reza Mirzazade Farkhani Northeastern University [email protected] Mansour Ahmadi Northeastern University [email protected] Long Lu Northeastern University [email protected] gobble page1 ## Abstract Temporal memory corruptions are commonly exploited software vulnerabilities that can lead to powerful attacks. Despite significant progress made by decades of research on mitigation techniques, existing countermeasures fall short due to either limited coverage or overly high overhead. Furthermore, they require external mechanisms (e.g., spatial memory safety) to protect their metadata. Otherwise, their protection can be bypassed or disabled. To address these limitations, we present robust points-to