7.5

CVE-2019-3823

Exploit
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxLibcurl Version >= 7.34.0 < 7.64.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version9.0
OracleHTTP Server Version12.2.1.3.0
OracleSecure Global Desktop Version5.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.29% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://security.gentoo.org/glsa/201903-03
Third Party Advisory
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:3701
https://security.netapp.com/advisory/ntap-20190315-0001/
Third Party Advisory
Exploit
https://usn.ubuntu.com/3882-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4386
Third Party Advisory
http://www.securityfocus.com/bid/106950
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
Patch
Third Party Advisory
Exploit
Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
https://curl.haxx.se/docs/CVE-2019-3823.html
Patch
Vendor Advisory