Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

The vulnerability of the tftp_receive_packet() function in the libcurl library, related to the issue of outputting operations beyond the buffer in memory, allows a attacker to cause a service failure or execute arbitrary code.

🗓️ 29 Oct 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The vulnerability in libcurl tftp_receive_packet allows a buffer overread, risking service failure or arbitrary code execution.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436)
20 Dec 201908:47
ibm
IBM Security Bulletins		Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
13 Aug 202122:15
ibm
IBM Security Bulletins		Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in libcurl (CVE-2019-5436)
7 Dec 202322:45
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)
11 Sep 202012:41
ibm
IBM Security Bulletins		Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)
11 Mar 202119:35
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local
20 Dec 201913:58
ibm
IBM Security Bulletins		Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in libcurl (CVE-2019-5436)
7 Dec 202322:45
ibm
IBM Security Bulletins		Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.
21 Feb 202204:39
ibm
Tenable Nessus		Amazon Linux 2 : curl (ALAS-2019-1233)
24 Jul 201900:00
nessus
Tenable Nessus		Amazon Linux AMI : curl (ALAS-2019-1233)
26 Jul 201900:00
nessus
Rows per page
Vulners
Node
oracleenterprise_manager_ops_centerMatch12.3.3
OR
novellsuse_enterprise_storageMatch4
OR
novellsuse_openstack_cloudMatch7
OR
novellsuse_linux_enterprise_module_for_open_buildservice_development_toolsMatch15
OR
daniel_stenberglibcurlRange7.19.47.64.1
OR
novellsuse_linux_enterprise_module_for_basesystemMatch15
OR
novellsuse_caas_platformMatch3.0
OR
oracleenterprise_manager_ops_centerMatch12.4.0
OR
novellopenstack_cloud_magnum_orchestrationMatch7
OR
oraclemysql_serverRange5.7.27
OR
oraclemysql_serverRange<8.0.17
OR
oraclemysql_serverRange8.0.17
OR
novellopensuse_leapMatch42.3
OR
fedorafedoraMatch29
OR
novellopensuse_leapMatch15.0
OR
novellsuse_linux_enterprise_serverMatch12-ltss
OR
novellsuse_linux_enterprise_server_for_sap_applicationsMatch12-ltss
OR
novellopensuse_leapMatch15.1
OR
novellsuse_linux_enterprise_serverMatch11-security
OR
novellsuse_linux_enterprise_server_for_sap_applicationsMatch11-security

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2023 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 24.6
CVSS 37.8
EPSS0.49739
tftp receive packetlibcurl vulnerabilitybuffer overreadservice failurearbitrary code executionmemory buffer
1