Lucene search
AmazonALAS-2019-1233HistoryJul 17, 2019 - 11:19 p.m.
Low: curl
2019-07-1723:19:00
alas.aws.amazon.com
39
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.072 Low
EPSS
Percentile
94.0%
Issue Overview:
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. (CVE-2019-5436)
An integer overflow in curl’s URL API results in a buffer overflow in libcurl. (CVE-2019-5435)
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
New Packages:
i686:
curl-debuginfo-7.61.1-11.91.amzn1.i686
curl-7.61.1-11.91.amzn1.i686
libcurl-devel-7.61.1-11.91.amzn1.i686
libcurl-7.61.1-11.91.amzn1.i686
src:
curl-7.61.1-11.91.amzn1.src
x86_64:
libcurl-7.61.1-11.91.amzn1.x86_64
curl-debuginfo-7.61.1-11.91.amzn1.x86_64
libcurl-devel-7.61.1-11.91.amzn1.x86_64
curl-7.61.1-11.91.amzn1.x86_64
Additional References
Red Hat: CVE-2019-5435, CVE-2019-5436
Mitre: CVE-2019-5435, CVE-2019-5436
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | curl-debuginfo | < 7.61.1-11.91.amzn1 | curl-debuginfo-7.61.1-11.91.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | curl | < 7.61.1-11.91.amzn1 | curl-7.61.1-11.91.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl-devel | < 7.61.1-11.91.amzn1 | libcurl-devel-7.61.1-11.91.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl | < 7.61.1-11.91.amzn1 | libcurl-7.61.1-11.91.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | libcurl | < 7.61.1-11.91.amzn1 | libcurl-7.61.1-11.91.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | curl-debuginfo | < 7.61.1-11.91.amzn1 | curl-debuginfo-7.61.1-11.91.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libcurl-devel | < 7.61.1-11.91.amzn1 | libcurl-devel-7.61.1-11.91.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | curl | < 7.61.1-11.91.amzn1 | curl-7.61.1-11.91.amzn1.x86_64.rpm |
Related
nessus
nessus
FreeBSD : curl -- multiple vulnerabilities (dd343a2b-7ee7-11e9-a290-8ddc52868fa9)
2019-05-28 00:00:00
Fedora 30 : curl (2019-3f5b6f0f97)
2019-05-28 00:00:00
Fedora 29 : curl (2019-697de0501f)
2019-06-10 00:00:00
cloudfoundry
cloudfoundry
USN-3993-1: curl vulnerabilities | Cloud Foundry
2019-05-29 00:00:00
archlinux
archlinux
[ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution
2019-05-31 00:00:00
[ASA-201905-14] lib32-libcurl-compat: arbitrary code execution
2019-05-31 00:00:00
[ASA-201905-15] lib32-curl: arbitrary code execution
2019-05-31 00:00:00
ibm
ibm
freebsd
freebsd
curl -- multiple vulnerabilities
2019-05-22 00:00:00
curl -- multiple vulnerabilities
2019-09-11 00:00:00
slackware
slackware
[slackware-security] curl
2019-05-22 23:31:53
openvas
openvas
Fedora Update for curl FEDORA-2019-3f5b6f0f97
2019-05-26 00:00:00
Ubuntu: Security Advisory (USN-3993-1)
2019-05-23 00:00:00
Slackware: Security Advisory (SSA:2019-142-01)
2022-04-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.65.0-alt1
2019-05-24 00:00:00
amazon
amazon
Low: curl
2019-07-18 17:31:00
ubuntu
ubuntu
curl vulnerabilities
2019-05-22 00:00:00
curl vulnerability
2019-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: curl-7.64.0-7.fc30
2019-05-25 01:06:42
[SECURITY] Fedora 30 Update: curl-7.65.3-4.fc30
2019-09-18 00:56:35
[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29
2019-06-09 02:58:45
mageia
mageia
Updated curl packages fix security vulnerabilities
2019-11-30 16:06:06
gentoo
gentoo
cURL: Multiple vulnerabilities
2020-03-15 00:00:00
prion
prion
Integer overflow
2019-05-28 19:29:00
Heap overflow
2019-05-28 19:29:00
cve
cve
CVE-2019-5435
2019-05-28 19:29:00
CVE-2019-5436
2019-05-28 19:29:00
redhatcve
redhatcve
CVE-2019-5435
2019-05-22 11:21:35
CVE-2019-5436
2019-05-22 11:21:59
debiancve
debiancve
CVE-2019-5435
2019-05-28 19:29:00
CVE-2019-5436
2019-05-28 19:29:00
veracode
veracode
Integer Overflow
2020-10-29 10:41:14
Heap-based Buffer Overflow
2019-05-27 03:15:11
alpinelinux
alpinelinux
CVE-2019-5435
2019-05-28 19:29:00
CVE-2019-5436
2019-05-28 19:29:00
hackerone
hackerone
curl: Integer overflows in unescape_word()
2022-05-10 16:10:48
curl: Heap Buffer Overflow at lib/tftp.c
2019-04-29 18:08:38
curl: An integer overflow found in /lib/urlapi.c
2019-04-24 12:05:35
osv
osv
CVE-2019-5435
2019-05-28 19:29:06
curl - security update
2019-05-25 00:00:00
CVE-2019-5436
2019-05-28 19:29:06
ubuntucve
ubuntucve
CVE-2019-5436
2019-05-22 00:00:00
CVE-2019-5435
2019-05-22 00:00:00
debian
debian
[SECURITY] [DLA 1804-1] curl security update
2019-05-25 22:00:13
[SECURITY] [DSA 4633-1] curl security update
2020-02-24 19:45:52
f5
f5
K08125515 : cURL vulnerability CVE-2019-5435
2019-07-02 00:00:00
K55133295 : cURL and libcurl vulnerability CVE-2019-5436
2019-07-25 00:00:00
suse
suse
Security update for curl (important)
2019-06-03 00:00:00
Security update for curl (important)
2019-06-04 00:00:00
redhat
redhat
(RHSA-2020:2505) Low: curl security update
2020-06-10 16:19:40
(RHSA-2020:1020) Low: curl security and bug fix update
2020-03-31 09:09:24
(RHSA-2020:1792) Moderate: curl security update
2020-04-28 09:16:55
centos
centos
curl, libcurl security update
2020-04-08 17:51:50
checkpoint_advisories
checkpoint_advisories
cURL and libcurl TFTP Heap Buffer Overflow (CVE-2019-5436)
2020-02-25 00:00:00
oraclelinux
oraclelinux
curl security update
2020-05-05 00:00:00
curl security and bug fix update
2020-04-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0017
2019-06-06 00:00:00
Important Photon OS Security Update - PHSA-2019-3.0-0017
2019-06-06 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.072 Low
EPSS
Percentile
94.0%
Related for ALAS-2019-1233