curl: Heap Buffer Overflow at lib/tftp.c

🗓️ 29 Apr 2019 18:08:38Reported by l00p3rType

hackerone

hackerone🔗 hackerone.com👁 79 Views

Heap Buffer Overflow in tftp.c due to default blksize. Potential for crash or RCE

Reporter	Title	Published	Views	Family All 235
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436)	20 Dec 201908:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in libcurl (CVE-2019-5436)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)	11 Sep 202012:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)	11 Mar 202119:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local	20 Dec 201913:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in libcurl (CVE-2019-5436)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.	21 Feb 202204:39	–	ibm
Tenable Nessus	Amazon Linux 2 : curl (ALAS-2019-1233)	24 Jul 201900:00	–	nessus
Tenable Nessus	Amazon Linux AMI : curl (ALAS-2019-1233)	26 Jul 201900:00	–	nessus

31 May 2019 20:35Current

0.5Low risk

Vulners AI Score0.5

EPSS0.15484

$200

heap buffer overflow tftp.c rce memory leak bug bounty patch.