CVE-2019-5482: Buffer Overflow
First published: Wed Sep 11 2019(Updated: )
cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet function. By sending specially-crafted request containing an OACK without the BLKSIZE option, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/curl | 7.64.0-4+deb10u2 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 | |
| debian/curl | <=7.52.1-5+deb9u9<=7.52.1-1<=7.64.0-4<=7.65.3-1 | |
| IBM Security Guardium | <=10.5 | |
| IBM Security Guardium | <=10.6 | |
| IBM Security Guardium | <=11.0 | |
| IBM Security Guardium | <=11.1 | |
| IBM Security Guardium | <=11.2 | |
| IBM Security Guardium | <=11.3 | |
| Haxx Curl | >=7.19.4<=7.65.3 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Netapp Cloud Backup | ||
| NetApp OnCommand Insight | ||
| Netapp Oncommand Unified Manager Windows | >=7.3 | |
| Netapp Oncommand Unified Manager Vmware Vsphere | >=9.5 | |
| NetApp OnCommand Workflow Automation | ||
| Netapp Snapcenter | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Oracle Communications Operations Monitor | =3.4 | |
| Oracle Communications Operations Monitor | =4.0 | |
| Oracle Communications Operations Monitor | =4.1 | |
| Oracle Communications Operations Monitor | =4.2 | |
| Oracle Communications Operations Monitor | =4.3 | |
| Oracle Communications Session Border Controller | =8.3 | |
| Oracle Communications Session Border Controller | =8.4 | |
| Oracle Enterprise Manager Ops Center | =12.3.3 | |
| Oracle Enterprise Manager Ops Center | =12.4.0 | |
| Oracle HTTP Server | =12.2.1.3.0 | |
| Oracle HTTP Server | =12.2.1.4.0 | |
| Oracle Hyperion Essbase | =11.1.2.4 | |
| Oracle Mysql Server | >=5.0.0<=5.7.28 | |
| Oracle Mysql Server | >=8.0.0<=8.0.18 | |
| Oracle OSS Support Tools | =20.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://curl.haxx.se/docs/CVE-2019-5482.html
- https://github.com/curl/curl/commit/0516ce7786e9500c2e447d48aa9b3f24a6ca70f9
- https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d
- https://security-tracker.debian.org/tracker/CVE-2019-5482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482
- https://security-tracker.debian.org/tracker/CVE-2019-5481
- https://curl.haxx.se/docs/CVE-2019-5481.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/166942
- https://www.ibm.com/support/pages/node/6455281 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
- https://seclists.org/bugtraq/2020/Feb/36
- https://security.gentoo.org/glsa/202003-29
- https://security.netapp.com/advisory/ntap-20191004-0003/
- https://security.netapp.com/advisory/ntap-20200416-0003/
- https://www.debian.org/security/2020/dsa-4633
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-5482.
What is the title of the vulnerability?
The title of the vulnerability is 'Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.'
What is the severity of CVE-2019-5482?
The severity of CVE-2019-5482 is critical, with a severity value of 9.8.
What is the affected software for this vulnerability?
The affected software includes cURL versions 7.19.4 to 7.65.3, IBM Security Guardium versions up to 11.3, Haxx Curl, and various other products and versions listed in the vulnerability description.
How do I fix CVE-2019-5482?
The recommended fix for CVE-2019-5482 is to update the affected software to the versions specified in the vulnerability description.
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2019-5482
- agent/type
- agent/last-modified-date
- collector/ibm-support
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/tags
- package-manager/debian
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3
- vendor/haxx
- canonical/haxx curl
- version/haxx curl/7.19.4
- version/haxx curl/7.65.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager windows
- version/netapp oncommand unified manager windows/7.3
- canonical/netapp oncommand unified manager vmware vsphere
- version/netapp oncommand unified manager vmware vsphere/9.5
- canonical/netapp oncommand workflow automation
- canonical/netapp snapcenter
- canonical/netapp steelstore cloud integrated storage
- vendor/oracle
- canonical/oracle communications operations monitor
- version/oracle communications operations monitor/3.4
- version/oracle communications operations monitor/4.0
- version/oracle communications operations monitor/4.1
- version/oracle communications operations monitor/4.2
- version/oracle communications operations monitor/4.3
- canonical/oracle communications session border controller
- version/oracle communications session border controller/8.3
- version/oracle communications session border controller/8.4
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.3.3
- version/oracle enterprise manager ops center/12.4.0
- canonical/oracle http server
- version/oracle http server/12.2.1.3.0
- version/oracle http server/12.2.1.4.0
- canonical/oracle hyperion essbase
- version/oracle hyperion essbase/11.1.2.4
- canonical/oracle mysql server
- version/oracle mysql server/5.0.0
- version/oracle mysql server/5.7.28
- version/oracle mysql server/8.0.0
- version/oracle mysql server/8.0.18
- canonical/oracle oss support tools
- version/oracle oss support tools/20.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0