7.8

CVE-2019-5436

Exploit
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxLibcurl Version >= 7.19.4 <= 7.64.1
OpensuseLeap Version15.0
OpensuseLeap Version15.1
OpensuseLeap Version42.3
FedoraprojectFedora Version29
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
F5Traffix Signaling Delivery Controller Version >= 5.0.0 <= 5.1.0
NetappSolidfire Version-
OracleMysql Server Version <= 5.7.27
OracleMysql Server Version >= 5.7.28 <= 8.0.17
OracleOss Support Tools Version20.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 49.74% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
https://security.gentoo.org/glsa/202003-29
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190606-0004/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/09/11/6
Patch
Third Party Advisory
Mailing List
https://curl.haxx.se/docs/CVE-2019-5436.html
Patch
Vendor Advisory
Exploit
https://seclists.org/bugtraq/2020/Feb/36
Third Party Advisory
Mailing List
https://support.f5.com/csp/article/K55133295
Third Party Advisory
https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
https://www.debian.org/security/2020/dsa-4633
Third Party Advisory