Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Published

2019-02-06T20:29:00.353

Last Modified

2024-11-21T04:42:36.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	libcurl	< 7.64.0	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	18.10	Yes
Operating System	debian	debian_linux	9.0	Yes
Application	netapp	active_iq_unified_manager	≥ 7.3	Yes
Application	netapp	active_iq_unified_manager	≥ 9.5	Yes
Application	netapp	clustered_data_ontap	*	Yes
Application	netapp	oncommand_insight	-	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	snapcenter	-	Yes
Application	siemens	sinema_remote_connect_client	≤ 2.0	Yes
Application	oracle	communications_operations_monitor	3.4	Yes
Application	oracle	communications_operations_monitor	4.0	Yes
Application	oracle	enterprise_manager_ops_center	12.3.3	Yes
Application	oracle	enterprise_manager_ops_center	12.4.0	Yes
Application	oracle	http_server	12.2.1.3.0	Yes
Application	oracle	mysql_server	≤ 5.7.26	Yes
Application	oracle	mysql_server	≤ 8.0.15	Yes
Application	oracle	secure_global_desktop	5.4	Yes
Application	oracle	services_tools_bundle	19.2	Yes
Operating System	redhat	enterprise_linux	8.0	Yes

References

http://www.securityfocus.com/bid/106950 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2019:3701 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf Third Party Advisory ([email protected])
https://curl.haxx.se/docs/CVE-2019-3822.html Patch, Vendor Advisory ([email protected])
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E ([email protected])
https://security.gentoo.org/glsa/201903-03 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20190315-0001/ Patch, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20190719-0004/ Third Party Advisory ([email protected])
https://support.f5.com/csp/article/K84141449 Third Party Advisory ([email protected])
https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS ([email protected])
https://usn.ubuntu.com/3882-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2019/dsa-4386 Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/106950 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3701 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://curl.haxx.se/docs/CVE-2019-3822.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201903-03 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190315-0001/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190719-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K84141449 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3882-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4386 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)