Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Published

2019-09-16T19:15:10.633

Last Modified

2024-11-21T04:45:01.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	≤ 7.65.3	Yes
Operating System	fedoraproject	fedora	29	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	opensuse	leap	15.0	Yes
Operating System	opensuse	leap	15.1	Yes
Application	netapp	cloud_backup	-	Yes
Application	netapp	oncommand_insight	-	Yes
Application	netapp	oncommand_unified_manager	≥ 7.3	Yes
Application	netapp	oncommand_unified_manager	≥ 9.5	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	snapcenter	-	Yes
Application	netapp	steelstore_cloud_integrated_storage	-	Yes
Application	oracle	communications_operations_monitor	3.4	Yes
Application	oracle	communications_operations_monitor	4.0	Yes
Application	oracle	communications_operations_monitor	4.1	Yes
Application	oracle	communications_operations_monitor	4.2	Yes
Application	oracle	communications_operations_monitor	4.3	Yes
Application	oracle	communications_session_border_controller	8.3	Yes
Application	oracle	communications_session_border_controller	8.4	Yes
Application	oracle	enterprise_manager_ops_center	12.3.3	Yes
Application	oracle	enterprise_manager_ops_center	12.4.0	Yes
Application	oracle	http_server	12.2.1.3.0	Yes
Application	oracle	http_server	12.2.1.4.0	Yes
Application	oracle	hyperion_essbase	11.1.2.4	Yes
Application	oracle	mysql_server	≤ 5.7.28	Yes
Application	oracle	mysql_server	≤ 8.0.18	Yes
Application	oracle	oss_support_tools	20.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html Mailing List, Third Party Advisory ([email protected])
https://curl.haxx.se/docs/CVE-2019-5482.html Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/ ([email protected])
https://seclists.org/bugtraq/2020/Feb/36 Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202003-29 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20191004-0003/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20200416-0003/ Third Party Advisory ([email protected])
https://www.debian.org/security/2020/dsa-4633 Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2020.html Patch, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://curl.haxx.se/docs/CVE-2019-5482.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/ (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2020/Feb/36 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202003-29 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20191004-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200416-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4633 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)