## 1. EXECUTIVE SUMMARY
* **CVSS v3 7.5**
* **ATTENTION:** Exploitable remotely/low attack complexity
* **Vendor:** Siemens
* **Equipment:** SCALANCE and SIMATIC
* **Vulnerability:** Out-of-bounds Read
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update A) that was published March 9, 2021, to the ICS webpage on us-cert.cisa.gov.
## 3. RISK EVALUATION
Successful exploitation of this third-party vulnerability could allow an attacker to cause a denial-of-service condition on the affected devices.
## 4. TECHNICAL DETAILS
### 4.1 AFFECTED PRODUCTS
The following Siemens products are affected by the third-party component libcurl:
* SCALANCE SC600 Family: all versions prior to v2.0
**--------- Begin Update B Part 1 of 2 ---------**
* SIMATIC NET CM 1542-1: all versions prior to v3.0
**--------- End Update B Part 1 of 2 ---------**
* SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants): v3.0.33, v3.0.44 and v3.0.53
### 4.2 VULNERABILITY OVERVIEW
#### 4.2.1 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
libcurl versions 7.34.0 through 7.63.0 are vulnerable to a heap out-of-bounds read in the code that handles the end-of-response for SMTP. This vulnerability could allow an attacker to trigger a denial-of-service condition on the affected devices.
[CVE-2019-3823](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
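The public CVE-2019-3823 description attributes this over-read to `strtol()` being called on a response buffer that is not NUL-terminated. The following is an added example, not code from this advisory, Siemens or the curl project: it parses an SMTP reply code from a length-delimited buffer without reading past `len`. All function names and sample reply lines are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of inspecting one SMTP reply line held in a length-delimited buffer. */
enum reply_kind { REPLY_INVALID = 0, REPLY_CONTINUES = 1, REPLY_FINAL = 2 };

/*
 * Unsafe pattern, shown for contrast only: strtol() scans until it meets a
 * non-digit. If `line` is not NUL-terminated and ends in digits, the scan
 * continues past the end of the allocation (the out-of-bounds read class
 * described above). Only safe on properly terminated strings.
 */
long parse_code_unbounded(const char *line)
{
    return strtol(line, NULL, 10);
}

/*
 * Bounded parse (hypothetical helper): never touches bytes at or beyond
 * line[len]. Accepts "DDD-text" (more lines follow), "DDD text" or a bare
 * "DDD" (final line). On success *code receives the numeric reply code.
 */
enum reply_kind parse_smtp_reply(const char *line, size_t len, int *code)
{
    size_t i;
    int value = 0;

    if (line == NULL || code == NULL)
        return REPLY_INVALID;

    /* Drop a trailing CR/LF that lies inside the buffer. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    if (len < 3)
        return REPLY_INVALID;

    /* Exactly three digits, converted by hand so no library scan can run on. */
    for (i = 0; i < 3; i++) {
        if (line[i] < '0' || line[i] > '9')
            return REPLY_INVALID;
        value = value * 10 + (line[i] - '0');
    }
    /* SMTP reply codes start with a digit from 2 to 5. */
    if (value < 200 || value > 599)
        return REPLY_INVALID;

    /* The separator is only read when it is inside the buffer. */
    if (len > 3 && line[3] != '-' && line[3] != ' ')
        return REPLY_INVALID;

    *code = value;
    return (len > 3 && line[3] == '-') ? REPLY_CONTINUES : REPLY_FINAL;
}

/*
 * Runs the bounded parser on an exactly sized heap copy with no terminator,
 * the memory layout under which an unbounded scan would over-read.
 */
enum reply_kind parse_unterminated_copy(const char *bytes, size_t len, int *code)
{
    enum reply_kind kind;
    char *heap = malloc(len ? len : 1);

    if (heap == NULL)
        return REPLY_INVALID;
    memcpy(heap, bytes, len);
    kind = parse_smtp_reply(heap, len, code);
    free(heap);
    return kind;
}

int main(void)
{
    int code = 0;
    enum reply_kind kind;

    /* Constructed input: five digits, no terminator, no separator. */
    kind = parse_unterminated_copy("25052", 5, &code);
    printf("digits-only buffer: kind=%d\n", (int)kind);

    /* Constructed input: an ordinary final reply line. */
    kind = parse_unterminated_copy("250 OK\r\n", 8, &code);
    printf("final reply: kind=%d code=%d\n", (int)kind, code);
    return 0;
}
```

Building this with AddressSanitizer (`-fsanitize=address`) confirms that the bounded parser stays inside the exactly sized allocation for every input above.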
### 4.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Multiple
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** Germany
### 4.4 RESEARCHER
Siemens reported this vulnerability to CISA.
## 5. MITIGATIONS
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
* SCALANCE SC600: [Update to v2.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109769665/>)
**--------- Begin Update B Part 2 of 2 ---------**
* SIMATIC NET CM 1542-1: [Update to v3.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109801629/>)
**--------- End Update B Part 2 of 2 ---------**
* Disable the SMTP Client function on affected devices or use VPN for protecting SMTP traffic to trusted email servers only.
The impact of additional libcurl vulnerabilities is described in Siemens Security Advisory [SSA-436177](<https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf>).
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).
Additional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.
### Vendor
Siemens
value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", 
sp:\"0\", reference:\"curl-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T14:43:36", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : 
curl (SSA:2019-037-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-037-01.NASL", "href": "https://www.tenable.com/plugins/nessus/121632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-037-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121632);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"SSA\", value:\"2019-037-01\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.433275\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8c976af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) 
flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:11:29", "description": "Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3882-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3882-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3882-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121639);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"USN\", value:\"3882-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3882-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wenxiang Qian discovered that curl incorrectly handled certain NTLM\nauthentication messages. A remote attacker could possibly use this\nissue to cause curl to crash, resulting in a denial of service. This\nissue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu\n18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 16.04 LTS,\nUbuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause\ncurl to crash, resulting in a denial of service. (CVE-2019-3823).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3882-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", 
pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"curl\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl4\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:11:10", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0249-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0249-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0249-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121635);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0249-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling\nthe end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function\ncreating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\nhandling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16890/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3822/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3823/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190249-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed9c0595\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-249=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-249=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-249=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-249=1\n\nSUSE Linux Enterprise Desktop 
12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-249=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-249=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-249=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:11:29", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-174)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", 
"p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-174.NASL", "href": "https://www.tenable.com/plugins/nessus/122221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-174.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122221);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-174)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the\n code handling the end-of-response for SMTP\n (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in\n the function creating an outgoing NTLM type-3 message\n (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read\n in the function handling incoming NTLM type-2 messages\n (bsc#1123371).\n\nThis update 
was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123378\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.18.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:11:28", "description": "curl security problems :\n\nCVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n\nlibcurl contains a heap buffer out-of-bounds read flaw.\n\nThe function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability.\n\nUsing that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.\n\nCVE-2019-3822: NTLMv2 type-3 header stack-based buffer overflow\n\nlibcurl contains a stack based buffer overflow vulnerability.\n\nThe function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening.\n\nThis output data can grow larger than the local buffer if very large 
'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server.\n\nSuch a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.\n\nCVE-2019-3823: SMTP end-of-response out-of-bounds read\n\nlibcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.\n\nIf the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-08T00:00:00", "type": "nessus", "title": "FreeBSD : curl -- multiple vulnerabilities (714b033a-2b09-11e9-8bc3-610fd6e6cd05)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": 
"FREEBSD_PKG_714B033A2B0911E98BC3610FD6E6CD05.NASL", "href": "https://www.tenable.com/plugins/nessus/122042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122042);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"FreeBSD : curl -- multiple vulnerabilities (714b033a-2b09-11e9-8bc3-610fd6e6cd05)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"curl security problems :\n\nCVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n\nlibcurl contains a heap buffer out-of-bounds read flaw.\n\nThe function handling incoming NTLM type-2 messages\n(lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming\ndata correctly and is subject to an integer overflow vulnerability.\n\nUsing that overflow, a malicious or broken NTLM server could trick\nlibcurl to accept a bad length + offset combination that would lead to\na buffer read out-of-bounds.\n\nCVE-2019-3822: NTLMv2 type-3 header stack-based buffer overflow\n\nlibcurl contains a stack based buffer overflow vulnerability.\n\nThe function creating an outgoing NTLM type-3 header\n(lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), 
generates\nthe request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting\noverflowed is implemented wrongly (using unsigned math) and as such it\ndoes not prevent the overflow from happening.\n\nThis output data can grow larger than the local buffer if very large\n'nt response' data is extracted from a previous NTLMv2 header provided\nby the malicious or broken HTTP server.\n\nSuch a 'large value' needs to be around 1000 bytes or more. The actual\npayload data copied to the target buffer comes from the NTLMv2 type-2\nresponse header.\n\nCVE-2019-3823: SMTP end-of-response out-of-bounds read\n\nlibcurl contains a heap out-of-bounds read in the code handling the\nend-of-response for SMTP.\n\nIf the buffer passed to smtp_endofresp() isn't NUL terminated and\ncontains no character ending the parsed number, and len is set to 5,\nthen the strtol() call reads beyond the allocated buffer. The read\ncontents will not be returned to the caller.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2019-3822.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2019-3823.html\"\n );\n # https://vuxml.freebsd.org/freebsd/714b033a-2b09-11e9-8bc3-610fd6e6cd05.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?340e0493\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl<7.64.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:17:34", "description": "It was discovered that there were three vulnerabilities in the curl command-line HTTP (etc.) 
client :\n\n - CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages.\n\n - CVE-2019-3822: Stack-based buffer overflow in the handling of outgoing NTLM type-3 headers.\n\n - CVE-2019-3823: Heap out-of-bounds read in code handling the end of a response in the SMTP protocol.\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version 7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "Debian DLA-1672-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-doc", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1672.NASL", "href": "https://www.tenable.com/plugins/nessus/122099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1672-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122099);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-1672-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) client :\n\n - CVE-2018-16890: A heap buffer out-of-bounds read\n vulnerability in the handling of NTLM type-2 messages.\n\n - CVE-2019-3822: Stack-based buffer overflow in the\n handling of outgoing NTLM type-3 headers.\n\n - CVE-2019-3823: Heap out-of-bounds read in code handling\n the end of a response in the SMTP protocol.\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
"bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "p-cpe:/a:centos:centos:libcurl-minimal"], "id": "CENTOS8_RHSA-2019-3701.NASL", "href": "https://www.tenable.com/plugins/nessus/145603", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3701. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145603);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16890\",\n \"CVE-2018-20483\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(106358, 106947, 106950);\n script_xref(name:\"RHSA\", value:\"2019:3701\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"CentOS 8 : curl (CESA-2019:3701)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3701 advisory.\n\n - curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n - wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n - curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n - curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3701\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'curl-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = 
package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel / libcurl-minimal');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:12:31", "description": "The remote host is affected by the vulnerability described in GLSA-201903-03 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "GLSA-201903-03 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201903-03.NASL", "href": "https://www.tenable.com/plugins/nessus/122731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-03.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122731);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"GLSA\", value:\"201903-03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"GLSA-201903-03 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-03\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.64.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.64.0\"), vulnerable:make_list(\"lt 7.64.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T15:10:51", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer overflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122149);\n 
script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16839\",\n \"CVE-2018-16840\",\n \"CVE-2018-16842\",\n \"CVE-2018-16890\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer\noverflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response\n(bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2\n(bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c\n(bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer\noverflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16839/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16842/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16890/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3822/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3823/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190339-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?707494a7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Server 
12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-339=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T14:42:59", "description": "libcurl is 
vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. 
A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. 
The read contents will not be returned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. 
When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : curl (ALAS-2019-1162)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1162.NASL", "href": "https://www.tenable.com/plugins/nessus/122260", "sourceData": 
"#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122260);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\", \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"ALAS\", value:\"2019-1162\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"Amazon Linux 2 : curl (ALAS-2019-1162)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"libcurl is vulnerable to a heap buffer out-of-bounds read. The\nfunction handling incoming NTLM type-2 messages\n(`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate\nincoming data correctly and is subject to an integer overflow\nvulnerability. 
Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to\ncause a denial of service (out-of-bounds access and application crash)\nor possibly have unspecified other impact because too little memory is\nallocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in\n(anonymous or not), it asks the server for the current directory with\nthe `PWD` command. The server then responds with a 257 response\ncontaining the path, inside double quotes. The returned path name is\nthen kept by libcurl for subsequent uses. Due to a flaw in the string\nparser for this directory name, a directory name passed like this but\nwithout a closing double quote would lead to libcurl not adding a\ntrailing NUL byte to the buffer holding the name. When libcurl would\nthen later access the string, it could read beyond the allocated heap\nbuffer and crash or wrongly access data beyond the buffer, thinking it\nwas part of the path. A malicious server could abuse this fact and\neffectively prevent libcurl-based clients to work with it - the PWD\ncommand is always issued on new FTP connections and the mistake has a\nhigh chance of causing a segfault. The simple fact that this has issue\nremained undiscovered for this long could suggest that malformed PWD\nresponses are rare in benign servers. We are not aware of any exploit\nof this flaw. 
This bug was introduced in commit\n[415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March\n2005. In libcurl version 7.56.0, the parser always zero terminates the\nstring but also rejects it if not terminated properly with a final\ndouble quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based\nbuffer over-read in the tool_msgs.c:voutf() function that may result\nin information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function\ncreating an outgoing NTLM type-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting\noverflowed is implemented wrongly (using unsigned math) and as such it\ndoes not prevent the overflow from happening. This output data can\ngrow larger than the local buffer if very large 'nt response' data is\nextracted from a previous NTLMv2 header provided by the malicious or\nbroken HTTP server. Such a 'large value' needs to be around 1000 bytes\nor more. The actual payload data copied to the target buffer comes\nfrom the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code\nhandling the end-of-response for SMTP. If the buffer passed to\n`smtp_endofresp()` isn't NUL terminated and contains no character\nending the parsed number, and `len` is set to 5, then the `strtol()`\ncall reads beyond the allocated buffer. 
The read contents will not be\nreturned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute. According to 2016-07-22 in the Wget ChangeLog,\nuser.xdg.origin.url was partially based on the behavior of\nfwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0\nthrough 7.61.1 in the code related to closing an easy handle. 
When\nclosing and cleaning up an 'easy' handle in the `Curl_close()`\nfunction, the library code first frees a struct (without nulling the\npointer) and might then subsequently erroneously write to a struct\nfield within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun\nin the SASL authentication code that may lead to denial of\nservice.(CVE-2018-16839)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"curl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"curl-debuginfo-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-devel-7.61.1-9.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T15:04:55", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.27. 
It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the July 2019 Critical Patch Update advisory:\n\n - A stack-based buffer overflow vulnerability in the 'Server: Packaging (cURL)' subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. (CVE-2019-3822)\n\n - A vulnerability in the 'Server: Parser' subcomponent.\n This is an easily exploitable vulnerability that allows a low privileged attacker with network access via multiple protocols to compromise the server. Successful attacks involving this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (CVE-2019-2805)\n\n - A vulnerability in the 'Server: XML' subcomponent. This is an easily exploitable vulnerability that allows a low privileged attacker with network access via multiple protocols to compromise a server. Successful attacks involving this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS).\n (CVE-2019-2740)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-18T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2791", "CVE-2019-2797", "CVE-2019-2805", "CVE-2019-2819", "CVE-2019-2948", "CVE-2019-2969", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_27_JULY.NASL", "href": "https://www.tenable.com/plugins/nessus/126783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126783);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-16890\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2741\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2791\",\n \"CVE-2019-2797\",\n \"CVE-2019-2805\",\n \"CVE-2019-2819\",\n \"CVE-2019-2948\",\n \"CVE-2019-2969\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(\n 106947,\n 106950,\n 109243,\n 109247\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0122-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.27. 
It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - A stack-based buffer overflow vulnerability in the\n 'Server: Packaging (cURL)' subcomponent could allow an\n unauthenticated attacker to gain complete control of an\n affected instance of MySQL Server. (CVE-2019-3822)\n\n - A vulnerability in the 'Server: Parser' subcomponent.\n This is an easily exploitable vulnerability that allows\n a low privileged attacker with network access via\n multiple protocols to compromise the server. Successful\n attacks involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS). (CVE-2019-2805)\n\n - A vulnerability in the 'Server: XML' subcomponent. This\n is an easily exploitable vulnerability that allows a\n low privileged attacker with network access via multiple\n protocols to compromise a server.Successful attacks\n involving this vulnerability can result in the\n unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS).\n (CVE-2019-2740)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1adc2fd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.27 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '5.7.0', 'fixed_version' : '5.7.27'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:14:02", "description": "The version of MySQL running on the remote host is 8.0.x prior to 8.0.16. 
It is, therefore, affected by multiple vulnerabilities, including four of the top vulnerabilities below, as noted in the April 2019 and July 2019 Critical Patch Update advisories:\n\n - An unspecified vulnerability in the 'Server: Packaging (cURL)' subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. (CVE-2019-3822)\n\n - An unspecified vulnerability in the 'Server: Pluggable Auth' subcomponent could allow an unauthenticated attacker to gain complete access to all MySQL Server accessible data. (CVE-2019-2632)\n\n - Multiple denial of service vulnerabilities exist in the 'Server: Optimizer' subcomponent and could allow a low privileged attacker to cause the server to hang or to, via a frequently repeatable crash, cause a complete denial of service. (CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)\n\n - An unspecified vulnerability in the 'Server: Compiling (OpenSSL)' subcomponent could allow an unauthenticated attacker to gain complete access to all MySQL Server accessible data. 
(CVE-2019-1559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-18T00:00:00", "type": "nessus", "title": "MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-1559", "CVE-2019-2566", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2755", "CVE-2019-2798", 
"CVE-2019-3822", "CVE-2019-3823"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_16.NASL", "href": "https://www.tenable.com/plugins/nessus/124160", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124160);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-1559\",\n \"CVE-2019-2566\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2632\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2755\",\n \"CVE-2019-2798\",\n \"CVE-2019-3822\",\n \"CVE-2018-16890\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(\n 106950,\n 107174,\n 107913,\n 107924,\n 107927,\n 107928,\n 109259,\n 109260\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0122-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on 
the remote host is 8.0.x prior to\n8.0.16. It is, therefore, affected by multiple vulnerabilities,\nincluding four of the top vulnerabilities below, as noted in the\nApril 2019 and July 2019 Critical Patch Update advisories:\n\n - An unspecified vulnerability in the 'Server: Packaging\n (cURL)' subcomponent could allow an unauthenticated\n attacker to gain complete control of an affected instance\n of MySQL Server. (CVE-2019-3822)\n\n - An unspecified vulnerability in the 'Server: Pluggable\n Auth' subcomponent could allow an unauthenticated\n attacker to gain complete access to all MySQL Server\n accessible data. (CVE-2019-2632)\n\n - Multiple denial of service vulnerabilities exist in the\n 'Server: Optimizer' subcomponent and could allow a low\n priviledged attacker to cause the server to hang or to,\n via a frequently repeatable crash, cause a complete\n denial of service. (CVE-2019-2693, CVE-2019-2694,\n CVE-2019-2695)\n\n - An unspecified vulnerability in the\n 'Server: Compiling (OpenSSL)' subcomponent could allow\n an unauthenticated attacker to gain complete access to\n all MySQL Server accessible data. 
(CVE-2019-1559)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-16.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6252734\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.16 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.16'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2023-02-03T03:28:29", "bounty": 0.0, "description": "```\nlibcurl contains a heap out-of-bounds read in the code handling the\nend-of-response for SMTP.\n\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains\nno character ending the parsed number, and `len` is set to 5, then the\n`strtol()` call reads beyond the allocated buffer. The read contents will not\nbe returned to the caller.\n```\n\nThe issue was reported to the project on 18 January 2019.\nA patch was sent to me on 19 January 2019. 
\ncurl 7.64.0 was released on 6 January 2019.\n\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\n\n## Impact\n\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-28T15:41:49", "type": "hackerone", "title": "curl: libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823"], "modified": "2021-01-08T15:07:44", "id": "H1:518097", "href": "https://hackerone.com/reports/518097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:48:20", "description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. 
The read contents will not be returned to the caller.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-06T20:29:00", "type": "cve", "title": "CVE-2019-3823", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823"], "modified": "2021-03-09T15:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:communications_operations_monitor:4.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:netapp:clustered_data_ontap:*", "cpe:/a:oracle:secure_global_desktop:5.4", "cpe:/a:oracle:communications_operations_monitor:3.4", "cpe:/a:oracle:http_server:12.2.1.3.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "CVE-2019-3823", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}], "ics": [{"lastseen": "2021-03-09T17:46:15", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION: **Exploitable remotely/low skill level to exploit\n * **Vendor: **Siemens\n * **Equipment:** SCALANCE and SIMATIC\n * **Vulnerability: **Out-of-bounds Read\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this third-party vulnerability could allow an attacker to cause a denial-of-service condition on the affected devices.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following Siemens products are affected by the third-party component libcurl:\n\n * SCALANCE SC600 Family: all versions prior to v2.0\n * SIMATIC NET CM 1542-1: all versions\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe libcurl library Versions 7.34.0 through 7.63.0 are vulnerable to a heap out-of-bounds read condition in the code handling the end-of-response for SMTP. This vulnerability could allow an attacker to trigger a denial-of-service condition on the affected devices. \n\n[CVE-2019-3823](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Multiple\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce risk:\n\n * SCALANCE SC600: [Update to v2.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109769665/>)\n * Disable the SMTP Client function on affected devices or use VPN for protecting SMTP traffic to trusted email servers only.\n\nThe impact of additional libcurl vulnerabilities is described in Siemens Security Advisory [SSA-436177](<https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. 
\n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability. \n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2021-03-09T00:00:00", "type": "ics", "title": "Siemens SCALANCE and SIMATIC libcurl", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823"], "modified": "2021-03-09T00:00:00", "id": "ICSA-20-068-10", "href": "https://www.us-cert.gov/ics/advisories/icsa-20-068-10", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-14T18:32:44", "description": "## 1\\. 
EXECUTIVE SUMMARY\n\n * **CVSS v3 8.3**\n * **ATTENTION: **Exploitable remotely/low skill level to exploit\n * **Vendor: **Siemens\n * **Equipment: **SINEMA Remote Connect (Client and Server)\n * **Vulnerabilities: **Incorrect Calculation of Buffer Size, Out-of-bounds Read, Stack-based Buffer Overflow, Improper Handling of Insufficient Permissions\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-19-099-04 Siemens SINEMA Remote Connect that was published April 9, 2019, to the ICS webpage on us-cert.cisa.gov.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following Siemens products are affected: \n\n * SINEMA Remote Connect Client; all versions prior to v2.0 HF1\n * SINEMA Remote Connect Server; all versions prior to v2.0\n\nNote that not every product listed above is affected by every vulnerability described below. Please see the Siemens advisory for more detail.\n\n### 4.2 VULNERABILITY OVERVIEW\n\n**4.2.1 [INCORRECT CALCULATION OF BUFFER SIZE CWE-131](<https://cwe.mitre.org/data/definitions/131.html>)**\n\nThe HTTP client curl is vulnerable to a buffer overrun.\n\nThe vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges. User interaction by a legitimate user is required to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected device.\n\n[CVE-2018-14618](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14618>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)) \n\n**4.2.2 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nThe HTTP client library libcurl is vulnerable to a heap buffer out-of-bounds read. \n\nThe vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system.\n\n[CVE-2018-16890](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16890>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**4.2.3 [STACK-BASED BUFFER OVERFLOW CWE-121](<https://cwe.mitre.org/data/definitions/121.html>)**\n\nThe HTTP client library libcurl is vulnerable to a stack-based buffer overflow.\n\nThe vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.\n\n[CVE-2019-3822](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3822>) has been assigned to this vulnerability. 
A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n**\\--------- Begin Update A Part 1 of 1 ---------**\n\n#### 4.2.4 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. This vulnerability could allow an attacker to trigger a denial-of-service condition on the affected devices.\n\n[CVE-2019-3823](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**\\--------- End Update A Part 1 of 1 ---------**\n\n**4.2.5 [IMPROPER HANDLING OF INSUFFICIENT PERMISSIONS CWE-280](<https://cwe.mitre.org/data/definitions/280.html>)**\n\nDue to insufficient checking of user permissions, an attacker may access URLs that require special authorization.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.\n\n[CVE-2019-6570](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6570>) has been assigned to this vulnerability. 
A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 4.4 RESEARCHER\n\nSiemens ProductCERT reported these vulnerabilities to CISA.\n\n## 5\\. MITIGATIONS\n\nSiemens currently has updates for the following products: \n\n * SINEMA Remote Connect Client: [Update to v2.0 HF1](<https://support.industry.siemens.com/cs/de/en/view/109764829>)\n * SINEMA Remote Connect Server: [Update to v2.0 ](<https://support.industry.siemens.com/cs/de/en/view/109764829>)\n\nSiemens recommends users apply the following specific workarounds and mitigations to reduce the risk:\n\n * Turn off NTLM authentication to mitigate CVE-2018-16890 and CVE-2019-3822\n * Turn off SMTP to mitigate CVE-2019-3822\n * Apply defense-in-depth strategies.\n\nSiemens recommends users configure their environment according to [Siemens\u2019 operational guidelines for industrial security](<https://assets.new.siemens.com/siemens/assets/public.1502968141.411e91564a2d259ecd4b6c79b51f89c044b3de81.operational-guidelines-industrial-security-en.pdf>) and follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>\n\nFor more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory [SSA-436177](<https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf>)\n\nFor further inquiries on security vulnerabilities in Siemens products and solutions, please contact [Siemens ProductCERT](<http://www.siemens.com/cert/advisories>).\n\nCISA recommends users take 
defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n### Vendor\n\nSiemens\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T12:00:00", "type": "ics", "title": "Siemens SINEMA Remote Connect (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2018-14618", "CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-6570"], "modified": "2021-03-09T12:00:00", "id": "ICSA-19-099-04", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-099-04", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-03-08T17:27:46", "description": "An out-of-bounds read flaw was found in the way curl handled certain SMTP responses. A remote attacker could use this flaw to crash curl.\n#### Mitigation\n\nDo not use SMTP authentication with curl \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-06T08:20:00", "type": "redhatcve", "title": "CVE-2019-3823", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823"], "modified": "2023-03-08T16:42:44", "id": "RH:CVE-2019-3823", "href": "https://access.redhat.com/security/cve/cve-2019-3823", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-03-22T06:06:22", "description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the 
end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-06T20:29:00", "type": "debiancve", "title": "CVE-2019-3823", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823"], "modified": "2019-02-06T20:29:00", "id": "DEBIANCVE:CVE-2019-3823", "href": "https://security-tracker.debian.org/tracker/CVE-2019-3823", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2021-11-03T12:05:48", "description": "An update of {'libtiff', 'curl'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-19T00:00:00", "type": "photon", "title": "Lightwave - PHSA-2019-2.0-0131", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823", "CVE-2019-6128"], "modified": "2019-02-19T00:00:00", "id": "PHSA-2019-2.0-0131", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-131", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-14T21:07:59", "description": "Updates of ['libtiff', 'curl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0131", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823", "CVE-2019-6128"], "modified": "2019-02-19T00:00:00", "id": "PHSA-2019-0131", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-131", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:51:17", "description": "An update of {'elasticsearch', 'sqlite-autoconf', 'glibc', 'curl', 'kibana'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-20T00:00:00", "type": "photon", "title": "Lightwave - PHSA-2019-1.0-0209", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-19591", "CVE-2018-20346", "CVE-2019-3822", 
"CVE-2019-3823"], "modified": "2019-02-20T00:00:00", "id": "PHSA-2019-1.0-0209", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-209", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:05:15", "description": "Updates of ['curl', 'sqlite-autoconf', 'elasticsearch', 'glibc', 'binutils', 'kibana'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-20T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0209", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000876", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-19591", "CVE-2018-19931", "CVE-2018-20346", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-20T00:00:00", "id": "PHSA-2019-0209", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-209", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:51:54", "description": "Updates of ['kibana', 'curl', 'sqlite', 'libgd', 'nginx', 'linux-esx', 'openjdk8', 'libtiff', 'linux', 
'elasticsearch', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-26T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0002", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16890", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20346", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-6128", "CVE-2019-6977", "CVE-2019-8912"], "modified": "2019-02-26T00:00:00", "id": "PHSA-2019-0002", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-16T05:44:05", "description": "Updates of ['sqlite', 'elasticsearch', 'kibana', 'openjdk8', 'libtiff', 'linux-aws', 'curl', 'linux-esx', 'linux-secure', 'nginx', 'linux', 'libgd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-26T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-3.0-0002", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16890", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20346", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-6128", "CVE-2019-6977", "CVE-2019-8912"], "modified": "2019-02-26T00:00:00", "id": "PHSA-2019-3.0-0002", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:23", "description": "The remote host is missing an update\n for the ", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3882-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843899", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843899", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# 
advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843899\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-07 04:03:37 +0100 (Thu, 07 Feb 2019)\");\n script_name(\"Ubuntu Update for curl USN-3882-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3882-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3882-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update\n for the 'curl' package(s) announced via 
the USN-3882-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wenxiang Qian discovered that curl\nincorrectly handled certain NTLM authentication messages. A remote attacker\ncould possibly use this issue to cause curl to crash, resulting in a denial\nof service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nand Ubuntu 18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. 
(CVE-2019-3823)\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"curl\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:43", "description": "It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) 
client:\n\n * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in\nthe handling of NTLM type-2 messages.\n\n * CVE-2019-3822: Stack-based buffer overflow in the handling of\noutgoing NTLM type-3 headers.\n\n * CVE-2019-3823: Heap out-of-bounds read in code handling\nthe end of a response in the SMTP protocol.", "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for curl (DLA-1672-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891672", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891672\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_name(\"Debian LTS: Security Advisory for curl (DLA-1672-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-12 00:00:00 +0100 (Tue, 12 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00018.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) 
client:\n\n * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in\nthe handling of NTLM type-2 messages.\n\n * CVE-2019-3822: Stack-based buffer overflow in the handling of\noutgoing NTLM type-3 headers.\n\n * CVE-2019-3823: Heap out-of-bounds read in code handling\nthe end of a response in the SMTP protocol.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T11:52:13", "description": "Oracle MySQL is prone to multiple vulnerabilities in libcurl.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 5.7.x < 
5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142651", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142651\");\n script_version(\"2019-07-24T02:19:13+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 02:19:13 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:50:04 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2019-3823\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is 
Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities in libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T11:52:16", "description": "Oracle MySQL is prone to multiple vulnerabilities in libcurl.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", 
"CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142650", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142650\");\n script_version(\"2019-07-24T02:19:13+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 02:19:13 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:44:19 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2019-3823\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", 
\"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities in libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852289", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310852289", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852289\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-15 04:04:38 +0100 (Fri, 15 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0173-1\");\n 
script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00022.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2019:0173-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-173=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2019:0174-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852290", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; 
you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852290\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-15 04:04:47 +0100 (Fri, 15 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2019:0174-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0174-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00023.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2019:0174-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-174=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:46:28", "description": "Multiple vulnerabilities were 
discovered in cURL, an URL transfer library.\n\nCVE-2018-16890\nWenxiang Qian of Tencent Blade Team discovered that the function\nhandling incoming NTLM type-2 messages does not validate incoming\ndata correctly and is subject to an integer overflow vulnerability,\nwhich could lead to an out-of-bounds buffer read.\n\nCVE-2019-3822\nWenxiang Qian of Tencent Blade Team discovered that the function\ncreating an outgoing NTLM type-3 header is subject to an integer\noverflow vulnerability, which could lead to an out-of-bounds write.\n\nCVE-2019-3823\nBrian Carpenter of Geeknik Labs discovered that the code handling\nthe end-of-response for SMTP is subject to an out-of-bounds heap\nread.", "cvss3": {}, "published": "2019-02-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4386-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704386", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704386\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_name(\"Debian Security Advisory DSA 4386-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-02-06 00:00:00 +0100 (Wed, 06 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4386.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16890\nWenxiang Qian of Tencent Blade Team discovered that the function\nhandling incoming NTLM type-2 messages does not validate 
incoming\ndata correctly and is subject to an integer overflow vulnerability,\nwhich could lead to an out-of-bounds buffer read.\n\nCVE-2019-3822\nWenxiang Qian of Tencent Blade Team discovered that the function\ncreating an outgoing NTLM type-3 header is subject to an integer\noverflow vulnerability, which could lead to an out-of-bounds write.\n\nCVE-2019-3823\nBrian Carpenter of Geeknik Labs discovered that the code handling\nthe end-of-response for SMTP is subject to an out-of-bounds heap\nread.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "description": 
"The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-43489941ff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16840", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875689", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875689\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:16:16 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-43489941ff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-43489941ff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-43489941ff advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. 
curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~8.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-12T20:42:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-10T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-697de0501f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5435", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-5436", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310876475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876475", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public 
License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876475\");\n script_version(\"2019-06-11T06:16:55+0000\");\n script_cve_id(\"CVE-2019-5436\", \"CVE-2019-5435\", \"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 06:16:55 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-10 02:09:35 +0000 (Mon, 10 Jun 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-697de0501f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-697de0501f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-697de0501f advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~11.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-f2a520135e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5435", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-5436", "CVE-2018-16890", "CVE-2019-5481", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2019-5482", "CVE-2018-16842"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310876863", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310876863", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876863\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2019-5481\", \"CVE-2019-5482\", \"CVE-2019-5436\", \"CVE-2019-5435\", \"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:25:41 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-f2a520135e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f2a520135e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-f2a520135e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~12.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory 
ASA-201902-12\n==========================================\n\nSeverity: High\nDate : 2019-02-12\nCVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\nPackage : lib32-libcurl-compat\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-875\n\nSummary\n=======\n\nThe package lib32-libcurl-compat before version 7.64.0-1 is vulnerable\nto arbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 7.64.0-1.\n\n# pacman -Syu \"lib32-libcurl-compat>=7.64.0-1\"\n\nThe problems have been fixed upstream in version 7.64.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-16890 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap\nbuffer out-of-bounds read. The function handling incoming NTLM type-2\nmessages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not\nvalidate incoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.\n\n- CVE-2019-3822 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a\nstack-based buffer overflow. The function creating an outgoing NTLM\ntype-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data. The\ncheck that exists to prevent the local buffer from getting overflowed\nis implemented wrongly (using unsigned math) and as such it does not\nprevent the overflow from happening. This output data can grow larger\nthan the local buffer if very large \"nt response\" data is extracted\nfrom a previous NTLMv2 header provided by the malicious or broken HTTP\nserver. Such a \"large value\" needs to be around 1000 bytes or more. 
The\nactual payload data copied to the target buffer comes from the NTLMv2\ntype-2 response header.\n\n- CVE-2019-3823 (arbitrary code execution)\n\nlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap\nout-of-bounds read in the code handling the end-of-response for SMTP.\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and\ncontains no character ending the parsed number, and `len` is set to 5,\nthen the `strtol()` call reads beyond the allocated buffer. The read\ncontents will not be returned to the caller.\n\nImpact\n======\n\nA malicious remote server could execute arbitrary code by sending\nmalicious NTLM or SMTP replies.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb\nhttps://curl.haxx.se/docs/CVE-2019-3822.html\nhttps://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\nhttps://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484\nhttps://security.archlinux.org/CVE-2018-16890\nhttps://security.archlinux.org/CVE-2019-3822\nhttps://security.archlinux.org/CVE-2019-3823", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "archlinux", "title": "[ASA-201902-12] lib32-libcurl-compat: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T00:00:00", "id": "ASA-201902-12", "href": "https://security.archlinux.org/ASA-201902-12", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory ASA-201902-11\n==========================================\n\nSeverity: High\nDate : 2019-02-12\nCVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\nPackage : lib32-libcurl-gnutls\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-876\n\nSummary\n=======\n\nThe package lib32-libcurl-gnutls before version 7.64.0-1 is vulnerable\nto arbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 7.64.0-1.\n\n# pacman -Syu \"lib32-libcurl-gnutls>=7.64.0-1\"\n\nThe problems have been fixed upstream in version 7.64.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-16890 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap\nbuffer out-of-bounds read. The function handling incoming NTLM type-2\nmessages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not\nvalidate incoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.\n\n- CVE-2019-3822 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a\nstack-based buffer overflow. 
The function creating an outgoing NTLM\ntype-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data. The\ncheck that exists to prevent the local buffer from getting overflowed\nis implemented wrongly (using unsigned math) and as such it does not\nprevent the overflow from happening. This output data can grow larger\nthan the local buffer if very large \"nt response\" data is extracted\nfrom a previous NTLMv2 header provided by the malicious or broken HTTP\nserver. Such a \"large value\" needs to be around 1000 bytes or more. The\nactual payload data copied to the target buffer comes from the NTLMv2\ntype-2 response header.\n\n- CVE-2019-3823 (arbitrary code execution)\n\nlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap\nout-of-bounds read in the code handling the end-of-response for SMTP.\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and\ncontains no character ending the parsed number, and `len` is set to 5,\nthen the `strtol()` call reads beyond the allocated buffer. 
The read\ncontents will not be returned to the caller.\n\nImpact\n======\n\nA malicious remote server could execute arbitrary code by sending\nmalicious NTLM or SMTP replies.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb\nhttps://curl.haxx.se/docs/CVE-2019-3822.html\nhttps://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\nhttps://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484\nhttps://security.archlinux.org/CVE-2018-16890\nhttps://security.archlinux.org/CVE-2019-3822\nhttps://security.archlinux.org/CVE-2019-3823", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "archlinux", "title": "[ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T00:00:00", "id": "ASA-201902-11", "href": "https://security.archlinux.org/ASA-201902-11", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory ASA-201902-13\n==========================================\n\nSeverity: High\nDate : 2019-02-12\nCVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\nPackage : lib32-curl\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-874\n\nSummary\n=======\n\nThe package lib32-curl before version 7.64.0-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 7.64.0-1.\n\n# pacman -Syu \"lib32-curl>=7.64.0-1\"\n\nThe problems have been fixed upstream in version 7.64.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-16890 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap\nbuffer out-of-bounds read. The function handling incoming NTLM type-2\nmessages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not\nvalidate incoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.\n\n- CVE-2019-3822 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a\nstack-based buffer overflow. The function creating an outgoing NTLM\ntype-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data. The\ncheck that exists to prevent the local buffer from getting overflowed\nis implemented wrongly (using unsigned math) and as such it does not\nprevent the overflow from happening. This output data can grow larger\nthan the local buffer if very large \"nt response\" data is extracted\nfrom a previous NTLMv2 header provided by the malicious or broken HTTP\nserver. Such a \"large value\" needs to be around 1000 bytes or more. 
The\nactual payload data copied to the target buffer comes from the NTLMv2\ntype-2 response header.\n\n- CVE-2019-3823 (arbitrary code execution)\n\nlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap\nout-of-bounds read in the code handling the end-of-response for SMTP.\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and\ncontains no character ending the parsed number, and `len` is set to 5,\nthen the `strtol()` call reads beyond the allocated buffer. The read\ncontents will not be returned to the caller.\n\nImpact\n======\n\nA malicious remote server could execute arbitrary code by sending\nmalicious NTLM or SMTP replies.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb\nhttps://curl.haxx.se/docs/CVE-2019-3822.html\nhttps://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\nhttps://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484\nhttps://security.archlinux.org/CVE-2018-16890\nhttps://security.archlinux.org/CVE-2019-3822\nhttps://security.archlinux.org/CVE-2019-3823", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "archlinux", "title": "[ASA-201902-13] lib32-curl: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T00:00:00", "id": "ASA-201902-13", "href": "https://security.archlinux.org/ASA-201902-13", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory ASA-201902-10\n==========================================\n\nSeverity: High\nDate : 2019-02-12\nCVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\nPackage : libcurl-gnutls\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-877\n\nSummary\n=======\n\nThe package libcurl-gnutls before version 7.64.0-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 7.64.0-1.\n\n# pacman -Syu \"libcurl-gnutls>=7.64.0-1\"\n\nThe problems have been fixed upstream in version 7.64.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-16890 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap\nbuffer out-of-bounds read. The function handling incoming NTLM type-2\nmessages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not\nvalidate incoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.\n\n- CVE-2019-3822 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a\nstack-based buffer overflow. 
The function creating an outgoing NTLM\ntype-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data. The\ncheck that exists to prevent the local buffer from getting overflowed\nis implemented wrongly (using unsigned math) and as such it does not\nprevent the overflow from happening. This output data can grow larger\nthan the local buffer if very large \"nt response\" data is extracted\nfrom a previous NTLMv2 header provided by the malicious or broken HTTP\nserver. Such a \"large value\" needs to be around 1000 bytes or more. The\nactual payload data copied to the target buffer comes from the NTLMv2\ntype-2 response header.\n\n- CVE-2019-3823 (arbitrary code execution)\n\nlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap\nout-of-bounds read in the code handling the end-of-response for SMTP.\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and\ncontains no character ending the parsed number, and `len` is set to 5,\nthen the `strtol()` call reads beyond the allocated buffer. 
The read\ncontents will not be returned to the caller.\n\nImpact\n======\n\nA malicious remote server could execute arbitrary code by sending\nmalicious NTLM or SMTP replies.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb\nhttps://curl.haxx.se/docs/CVE-2019-3822.html\nhttps://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\nhttps://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484\nhttps://security.archlinux.org/CVE-2018-16890\nhttps://security.archlinux.org/CVE-2019-3822\nhttps://security.archlinux.org/CVE-2019-3823", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "archlinux", "title": "[ASA-201902-10] libcurl-gnutls: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T00:00:00", "id": "ASA-201902-10", "href": "https://security.archlinux.org/ASA-201902-10", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:02", "description": "Arch Linux Security Advisory ASA-201902-9\n=========================================\n\nSeverity: High\nDate : 2019-02-12\nCVE-ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\nPackage : curl\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-873\n\nSummary\n=======\n\nThe package curl before version 7.64.0-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 7.64.0-1.\n\n# pacman -Syu \"curl>=7.64.0-1\"\n\nThe problems have been fixed upstream in version 7.64.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-16890 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap\nbuffer out-of-bounds read. The function handling incoming NTLM type-2\nmessages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not\nvalidate incoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.\n\n- CVE-2019-3822 (arbitrary code execution)\n\nlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a\nstack-based buffer overflow. The function creating an outgoing NTLM\ntype-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data. The\ncheck that exists to prevent the local buffer from getting overflowed\nis implemented wrongly (using unsigned math) and as such it does not\nprevent the overflow from happening. This output data can grow larger\nthan the local buffer if very large \"nt response\" data is extracted\nfrom a previous NTLMv2 header provided by the malicious or broken HTTP\nserver. Such a \"large value\" needs to be around 1000 bytes or more. 
The\nactual payload data copied to the target buffer comes from the NTLMv2\ntype-2 response header.\n\n- CVE-2019-3823 (arbitrary code execution)\n\nlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap\nout-of-bounds read in the code handling the end-of-response for SMTP.\nIf the buffer passed to `smtp_endofresp()` isn't NUL terminated and\ncontains no character ending the parsed number, and `len` is set to 5,\nthen the `strtol()` call reads beyond the allocated buffer. The read\ncontents will not be returned to the caller.\n\nImpact\n======\n\nA malicious remote server could execute arbitrary code by sending\nmalicious NTLM or SMTP replies.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb\nhttps://curl.haxx.se/docs/CVE-2019-3822.html\nhttps://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc\nhttps://curl.haxx.se/docs/CVE-2019-3823.html\nhttps://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484\nhttps://security.archlinux.org/CVE-2018-16890\nhttps://security.archlinux.org/CVE-2019-3822\nhttps://security.archlinux.org/CVE-2019-3823", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "archlinux", "title": "[ASA-201902-9] curl: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T00:00:00", "id": "ASA-201902-9", "href": "https://security.archlinux.org/ASA-201902-9", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-02-08T16:13:22", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded.\n This release fixes the following security issues:\n NTLM type-2 out-of-bounds buffer read.\n NTLMv2 type-3 header stack buffer overflow.\n SMTP end-of-response out-of-bounds read.\n For more information, see:\n https://vulners.com/cve/CVE-2018-16890\n https://vulners.com/cve/CVE-2019-3822\n https://vulners.com/cve/CVE-2019-3823\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware 
x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg curl-7.64.0-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-06T23:59:25", "type": "slackware", "title": "[slackware-security] curl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-06T23:59:25", "id": "SSA-2019-037-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.433275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:59", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. 
This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)\n\nCVEs contained in this USN include: CVE-2018-16890, CVE-2019-3822, CVE-2019-3823\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.79\n * 3541.x versions prior to 3541.80\n * 3468.x versions prior to 3468.101\n * 3445.x versions prior to 3445.97\n * 3421.x versions prior to 3421.117\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 250.x versions prior to 250.9\n * 170.x versions prior to 170.30\n * 97.x versions prior to 97.57\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.264.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.58.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.79\n * Upgrade 3541.x versions to 3541.80\n * Upgrade 3468.x versions to 3468.101\n * Upgrade 3445.x versions to 3445.97\n * Upgrade 3421.x versions to 3421.117\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project 
recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 250.x versions to 250.9\n * Upgrade 170.x versions to 170.30\n * Upgrade 97.x versions to 97.57\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.264.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.58.0 or later.\n\n# References\n\n * [USN-3882-1](<https://usn.ubuntu.com/3882-1>)\n * [CVE-2018-16890](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16890>)\n * [CVE-2019-3822](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3822>)\n * [CVE-2019-3823](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3823>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-15T00:00:00", "type": "cloudfoundry", "title": "USN-3882-1: curl vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", 
"CVE-2019-3822"], "modified": "2019-02-15T00:00:00", "id": "CFOUNDRY:057632FDE3425E82800DCEC32F03F510", "href": "https://www.cloudfoundry.org/blog/usn-3882-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:42:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-173=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-14T00:00:00", "type": "suse", "title": "Security update for curl (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-14T00:00:00", "id": "OPENSUSE-SU-2019:0173-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWG6XCI25R5UAT6SGZTOCSV5F6V7W2ZQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:42:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-174=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-14T00:00:00", 
"type": "suse", "title": "Security update for curl (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-14T00:00:00", "id": "OPENSUSE-SU-2019:0174-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DRDOZ4FJSPSJNNQSD2FOPKFCVGMYT4J2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\ncurl security problems:\n\nCVE-2018-16890: NTLM type-2 out-of-bounds buffer read\nlibcurl contains a heap buffer out-of-bounds read flaw.\nThe function handling incoming NTLM type-2 messages\n\t (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming\n\t data correctly and is subject to an integer overflow vulnerability.\nUsing that overflow, a malicious or broken NTLM server could trick\n\t libcurl to accept a bad length + offset combination that would lead to a\n\t buffer read out-of-bounds.\nCVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\nlibcurl contains a stack based buffer overflow vulnerability.\nThe function creating an outgoing NTLM type-3 header\n\t (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the\n\t request HTTP header contents based on previously received data. 
The\n\t check that exists to prevent the local buffer from getting overflowed is\n\t implemented wrongly (using unsigned math) and as such it does not\n\t prevent the overflow from happening.\nThis output data can grow larger than the local buffer if very large\n\t \"nt response\" data is extracted from a previous NTLMv2 header provided\n\t by the malicious or broken HTTP server.\nSuch a \"large value\" needs to be around 1000 bytes or more. The actual\n\t payload data copied to the target buffer comes from the NTLMv2 type-2\n\t response header.\nCVE-2019-3823: SMTP end-of-response out-of-bounds read\nlibcurl contains a heap out-of-bounds read in the code handling the\n\t end-of-response for SMTP.\nIf the buffer passed to smtp_endofresp() isn't NUL terminated and\n\t contains no character ending the parsed number, and len is set to 5,\n\t then the strtol() call reads beyond the allocated buffer. The read\n\t contents will not be returned to the caller.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "freebsd", "title": "curl -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-07T00:00:00", "id": "714B033A-2B09-11E9-8BC3-610FD6E6CD05", "href": "https://vuxml.freebsd.org/freebsd/714b033a-2b09-11e9-8bc3-610fd6e6cd05.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-02-18T23:56:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4386-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nFebruary 06, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16890\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read.\n\nCVE-2019-3822\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n creating an outgoing NTLM type-3 header is subject to an integer\n overflow vulnerability, which could lead to an out-of-bounds write.\n\nCVE-2019-3823\n\n Brian Carpenter of Geeknik Labs discovered that the code handling\n the end-of-response for SMTP is subject to an out-of-bounds heap\n read.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9.\n\nWe recommend that you upgrade your curl packages.\n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: 
https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-06T22:36:32", "type": "debian", "title": "[SECURITY] [DSA 4386-1] curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-06T22:36:32", "id": "DEBIAN:DSA-4386-1:8CA8C", "href": "https://lists.debian.org/debian-security-announce/2019/msg00025.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-05T03:50:36", "description": "Package : curl\nVersion : 7.38.0-4+deb8u14\nCVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823\n\nIt was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) 
client:\n\n * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in\n the handling of NTLM type-2 messages.\n\n * CVE-2019-3822: Stack-based buffer overflow in the handling of\n outgoing NTLM type-3 headers.\n\n * CVE-2019-3823: Heap out-of-bounds read in code handling\n the end of a response in the SMTP protocol.\n\nFor Debian 8 \"Jessie\", this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org \ud83c\udf65 chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-11T15:43:52", "type": "debian", "title": "[SECURITY] [DLA 1672-1] curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-11T15:43:52", "id": "DEBIAN:DLA-1672-1:150F0", "href": "https://lists.debian.org/debian-lts-announce/2019/02/msg00018.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-23T21:48:12", "description": "## Summary\n\nIBM 
Event Streams has addressed the following vulnerabilities in the shipped cURL libraries.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16890](<https://vulners.com/cve/CVE-2018-16890>) \n**DESCRIPTION: ** cURL libcurl could allow a remote attacker to obtain sensitive information. The function handling incoming NTLM type-2 messages fails to properly validate incoming data and triggers an integer overflow. An attacker could exploit this vulnerability using the overflow to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156649> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-3822](<https://vulners.com/cve/CVE-2019-3822>) \n**DESCRIPTION: ** cURL libcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header generates the request HTTP header contents based on previously received data. By sending an overly large \"nt response\" data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156651> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3823](<https://vulners.com/cve/CVE-2019-3823>) \n**DESCRIPTION: ** cURL libcurl could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when handling certain SMTP responses. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156650> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Event Streams 2018.3.0\n\nIBM Event Streams 2018.3.1\n\n## Remediation/Fixes\n\nUpgrade to IBM Event Streams 2019.1.1 which is available from [Passport Advantage](<https://www.ibm.com/software/passportadvantage/>).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-29T11:00:02", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-03-29T11:00:02", "id": "9F3C4C50CE56EAE77267FE45D46F5180B779FC1108FDDCB1753F71524E0BAE37", "href": "https://www.ibm.com/support/pages/node/876554", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:07:00", "description": "\nMultiple vulnerabilities were discovered in cURL, 
an URL transfer library.\n\n\n* [CVE-2018-16890](https://security-tracker.debian.org/tracker/CVE-2018-16890)\nWenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read.\n* [CVE-2019-3822](https://security-tracker.debian.org/tracker/CVE-2019-3822)\nWenxiang Qian of Tencent Blade Team discovered that the function\n creating an outgoing NTLM type-3 header is subject to an integer\n overflow vulnerability, which could lead to an out-of-bounds write.\n* [CVE-2019-3823](https://security-tracker.debian.org/tracker/CVE-2019-3823)\nBrian Carpenter of Geeknik Labs discovered that the code handling\n the end-of-response for SMTP is subject to an out-of-bounds heap\n read.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9.\n\n\nWe recommend that you upgrade your curl packages.\n\n\nFor the detailed security status of curl please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/curl](https://security-tracker.debian.org/tracker/curl)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-06T00:00:00", "type": "osv", "title": "curl - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2022-08-10T07:06:57", "id": "OSV:DSA-4386-1", "href": "https://osv.dev/vulnerability/DSA-4386-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:25", "description": "\nIt was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) client:\n\n\n* [CVE-2018-16890](https://security-tracker.debian.org/tracker/CVE-2018-16890)\nA heap buffer out-of-bounds read vulnerability in\n the handling of NTLM type-2 messages.\n* [CVE-2019-3822](https://security-tracker.debian.org/tracker/CVE-2019-3822)\nStack-based buffer overflow in the handling of\n outgoing NTLM type-3 headers.\n* [CVE-2019-3823](https://security-tracker.debian.org/tracker/CVE-2019-3823)\nHeap out-of-bounds read in code handling\n the end of a response in the SMTP protocol.\n\n\nFor Debian 8 Jessie, this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\n\nWe recommend that you upgrade your curl packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-11T00:00:00", "type": "osv", "title": "curl - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2022-08-05T05:18:23", "id": "OSV:DLA-1672-1", "href": "https://osv.dev/vulnerability/DLA-1672-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:01:14", "description": "## Releases\n\n * Ubuntu 18.10 \n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * curl \\- HTTP, HTTPS, and FTP client and client libraries\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLM \nauthentication messages. A remote attacker could possibly use this issue to \ncause curl to crash, resulting in a denial of service. This issue only \napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2 \nauthentication messages. A remote attacker could use this issue to cause \ncurl to crash, resulting in a denial of service, or possibly execute \narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 \nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP \nresponses. A remote attacker could possibly use this issue to cause curl to \ncrash, resulting in a denial of service. 
(CVE-2019-3823)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-06T00:00:00", "type": "ubuntu", "title": "curl vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-06T00:00:00", "id": "USN-3882-1", "href": "https://ubuntu.com/security/notices/USN-3882-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:37:36", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) 
listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-05T20:52:39", "type": "redhat", "title": "(RHSA-2019:3701) Moderate: curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-11-05T21:45:53", "id": "RHSA-2019:3701", "href": "https://access.redhat.com/errata/RHSA-2019:3701", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-13T21:59:30", "description": "This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. 
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)\n\n* libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service (CVE-2018-14404)\n\n* curl: Out-of-bounds read in code handling HTTP/2 trailers (CVE-2018-1000005)\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* httpd: privilege escalation from modules scripts (CVE-2019-0211)\n\nDetails around these issues, including information about CVEs, severity of the issues, and CVSS scores can be found on the CVE pages listed in the References section below.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-18T19:07:29", "type": "redhat", "title": "(RHSA-2019:1543) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0495", "CVE-2018-0732", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-14404", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2019-0211", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5436"], "modified": "2020-05-08T04:58:47", "id": "RHSA-2019:1543", "href": "https://access.redhat.com/errata/RHSA-2019:1543", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:41", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 
(CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-27T14:57:54", "type": "redhat", "title": "(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0169", "CVE-2016-10739", "CVE-2018-14404", "CVE-2018-14498", "CVE-2018-16890", "CVE-2018-18074", "CVE-2018-18624", "CVE-2018-18751", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20483", "CVE-2018-20657", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11070", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-11358", "CVE-2019-11459", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12450", "CVE-2019-12795", "CVE-2019-13232", "CVE-2019-13636", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15718", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-16769", "CVE-2019-17451", "CVE-2019-18408", "CVE-2019-19126", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-3825", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5953", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-6454", "CVE-2019-6706", "CVE-2019-7146", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665", "CVE-2019-8457", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", 
"CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8675", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8696", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768", "CVE-2020-10531", "CVE-2020-10715", "CVE-2020-10743", "CVE-2020-11008", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11110", "CVE-2020-12049", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13822", "CVE-2020-14040", "CVE-2020-14336", "CVE-2020-15366", "CVE-2020-15719", "CVE-2020-1712", "CVE-2020-7013", "CVE-2020-7598", "CVE-2020-7662", "CVE-2020-8203", "CVE-2020-8559", "CVE-2020-9283"], "modified": "2020-10-28T00:36:30", "id": "RHSA-2020:4298", "href": "https://access.redhat.com/errata/RHSA-2020:4298", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:11", "description": "[7.61.1-11]\n- rebuild with updated annobin to prevent Execshield RPMDiff check from failing\n[7.61.1-10]\n- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)\n- xattr: strip credentials from any URL that is stored (CVE-2018-20483)\n[7.61.1-9]\n- do not let libssh create a new socket for SCP/SFTP (#1669156)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3701", "href": "http://linux.oracle.com/errata/ELSA-2019-3701.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:03:54", "description": "### Background\n\nA command line tool and library for transferring data with URLs.\n\n### Description\n\nMultiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cURL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.64.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-10T00:00:00", "type": "gentoo", "title": "cURL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-03-10T00:00:00", "id": "GLSA-201903-03", "href": "https://security.gentoo.org/glsa/201903-03", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T02:58:21", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-8.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T02:58:21", "id": "FEDORA:D8E6160F62FB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-09T02:58:45", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5435", "CVE-2019-5436"], "modified": "2019-06-09T02:58:45", "id": "FEDORA:995AF61F9AAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-29T02:22:57", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-12.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482"], "modified": "2019-09-29T02:22:57", "id": "FEDORA:7CCA26069A73", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:38:56", "description": "**Issue Overview:**\n\nlibcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. 
Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890) \n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. 
This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. 
The read contents will not be returned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-1000254](<https://access.redhat.com/security/cve/CVE-2017-1000254>), [CVE-2017-1000257](<https://access.redhat.com/security/cve/CVE-2017-1000257>), [CVE-2017-8816](<https://access.redhat.com/security/cve/CVE-2017-8816>), [CVE-2017-8817](<https://access.redhat.com/security/cve/CVE-2017-8817>), [CVE-2017-8818](<https://access.redhat.com/security/cve/CVE-2017-8818>), [CVE-2018-16839](<https://access.redhat.com/security/cve/CVE-2018-16839>), [CVE-2018-16840](<https://access.redhat.com/security/cve/CVE-2018-16840>), [CVE-2018-16842](<https://access.redhat.com/security/cve/CVE-2018-16842>), [CVE-2018-16890](<https://access.redhat.com/security/cve/CVE-2018-16890>), [CVE-2018-20483](<https://access.redhat.com/security/cve/CVE-2018-20483>), [CVE-2019-3822](<https://access.redhat.com/security/cve/CVE-2019-3822>), [CVE-2019-3823](<https://access.redhat.com/security/cve/CVE-2019-3823>)\n\nMitre: [CVE-2017-1000254](<https://vulners.com/cve/CVE-2017-1000254>), [CVE-2017-1000257](<https://vulners.com/cve/CVE-2017-1000257>), [CVE-2017-8816](<https://vulners.com/cve/CVE-2017-8816>), 
[CVE-2017-8817](<https://vulners.com/cve/CVE-2017-8817>), [CVE-2017-8818](<https://vulners.com/cve/CVE-2017-8818>), [CVE-2018-16839](<https://vulners.com/cve/CVE-2018-16839>), [CVE-2018-16840](<https://vulners.com/cve/CVE-2018-16840>), [CVE-2018-16842](<https://vulners.com/cve/CVE-2018-16842>), [CVE-2018-16890](<https://vulners.com/cve/CVE-2018-16890>), [CVE-2018-20483](<https://vulners.com/cve/CVE-2018-20483>), [CVE-2019-3822](<https://vulners.com/cve/CVE-2019-3822>), [CVE-2019-3823](<https://vulners.com/cve/CVE-2019-3823>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-16T00:34:00", "type": "amazon", "title": "Medium: curl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-18T17:59:00", "id": "ALAS2-2019-1162", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": 
"2023-02-08T15:38:34", "description": "A Simple and Comprehensive [Vulnerability Scanner](<https://www.kitploit.com/search/label/Vulnerability%20Scanner> \"Vulnerability Scanner\" ) for Containers, Suitable for CI. \n \n**Abstract** \n`Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. `Trivy` detects vulnerabilities in OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). `Trivy` is easy to use. Just install the binary and you're ready to scan. To scan, all you need to do is specify the name of a container image. \nIt is intended for use in CI. Before pushing to a container registry, you can scan your local container image easily. See [here](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"here\" ) for details. 
\n \n**Features** \n\n\n * Detect comprehensive vulnerabilities \n * OS packages (Alpine, **Red Hat Universal Base Image**, [Red Hat Enterprise](<https://www.kitploit.com/search/label/Red%20Hat%20Enterprise> \"Red Hat Enterprise\" ) Linux, CentOS, Debian and Ubuntu)\n * **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)\n * Simple \n * Specify only an image name\n * See [Quick Start](<https://github.com/aquasecurity/trivy#quick-start> \"Quick Start\" ) and [Examples](<https://github.com/aquasecurity/trivy#examples> \"Examples\" )\n * Easy installation \n * `apt-get install`, `yum install` and `brew install` are possible (See [Installation](<https://github.com/aquasecurity/trivy#installation> \"Installation\" ))\n * **No prerequisites** such as installing a DB, libraries, etc. (The exception is that you need `rpm` installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image. See [Vulnerability Detection](<https://github.com/aquasecurity/trivy#vulnerability-detection> \"Vulnerability Detection\" ) for background information.)\n * High accuracy \n * **Especially Alpine Linux and RHEL/CentOS**\n * Accuracy on other OSes is also high\n * DevSecOps \n * **Suitable for CI** such as Travis CI, CircleCI, Jenkins, etc.\n * See [CI Example](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"CI Example\" )\n \n**Installation** \n \n**RHEL/CentOS** \nAdd repository setting to `/etc/yum.repos.d`. \n\n \n \n $ sudo vim /etc/yum.repos.d/trivy.repo\n [trivy]\n name=Trivy repository\n baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/\n gpgcheck=0\n enabled=1\n $ sudo yum -y update\n $ sudo yum -y install trivy\n\nor \n\n \n \n $ rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.rpm\n\n \n**Debian/Ubuntu** \nAdd repository to `/etc/apt/sources.list.d`. 
\n\n \n \n $ sudo apt-get install wget apt-transport-https gnupg lsb-release\n $ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\n $ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\n $ sudo apt-get update\n $ sudo apt-get install trivy\n\nor \n\n \n \n $ sudo apt-get install rpm\n $ wget https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.deb\n $ sudo dpkg -i trivy_0.1.6_Linux-64bit.deb\n\n \n**Arch Linux** \nPackage trivy-bin can be installed from the Arch User Repository. Examples: \n\n \n \n pikaur -Sy trivy-bin\n\nor \n\n \n \n yay -Sy trivy-bin\n\n \n**Homebrew** \nYou can use Homebrew on macOS. \n\n \n \n $ brew install aquasecurity/trivy/trivy\n\n \n**Binary (Including Windows)** \nGet the latest version from [this page](<https://github.com/aquasecurity/trivy/releases/latest> \"this page\" ), and download the archive file for your operating system/architecture. Unpack the archive, and put the binary somewhere in your `$PATH` (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on. \nYou also need to install the `rpm` command for scanning images based on RHEL/CentOS. \n \n**From source** \n\n \n \n $ mkdir -p $GOPATH/src/github.com/aquasecurity\n $ cd $GOPATH/src/github.com/aquasecurity\n $ git clone https://github.com/aquasecurity/trivy\n $ cd trivy/cmd/trivy/\n $ export GO111MODULE=on\n $ go install\n\nYou also need to install the `rpm` command for scanning images based on RHEL/CentOS. \n \n**Quick Start** \nSimply specify an image name (and a tag). **Avoid the `latest` tag, because it causes problems with the cache.** See [Clear image caches](<https://github.com/aquasecurity/trivy#clear-image-caches> \"Clear image caches\" ). 
\n \n**Basic** \n\n \n \n $ trivy [YOUR_IMAGE_NAME]\n\nFor example: \n\n \n \n $ trivy python:3.4-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n**Docker** \nReplace [YOUR_CACHE_DIR] with the cache directory on your machine. \n\n \n \n $ docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy [YOUR_IMAGE_NAME]\n\nExample for macOS: \n\n \n \n $ docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nIf you would like to scan the image on your host machine, you need to mount `docker.sock`. \n\n \n \n $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \\\n -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nPlease re-pull the latest `aquasec/trivy` image if an error occurs. 
\n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n**Examples** \n \n**Scan an image** \nSimply specify an image name (and a tag). \n\n \n \n $ trivy knqyf263/vuln-image:1.2.3\n\n \n \nResult \n\n \n \n 2019-05-16T12:58:55.967+0900 INFO Updating vulnerability database...\n 2019-05-16T12:59:03.150+0900 INFO Detecting Alpine vulnerabilities...\n 2019-05-16T12:59:03.156+0900 INFO Updating bundler Security DB...\n 2019-05-16T12:59:04.941+0900 INFO Detecting bundler vulnerabilities...\n 2019-05-16T12:59:04.942+0900 INFO Updating cargo Security DB...\n 2019-05-16T12:59:05.967+0900 INFO Detecting cargo vulnerabilities...\n 2019-05-16T12:59:05.967+0900 INFO Updating composer Security DB...\n 2019-05-16T12:59:07.834+0900 INFO Detecting composer vulnerabilities...\n 2019-05-16T12:59:07.834+0900 INFO Updating npm Security DB...\n 2019-05-16T12:59:10.285+0900 INFO Detecting npm vulnerabilities...\n 2019-05-16T12:59:10.285+0900 INFO Updating pipenv Security DB...\n 2019-05-16T12:59:11.487+0900 INFO Detecting pipenv vulnerabilities...\n \n knqyf263/vuln-image:1.2.3 (alpine 3.7.1)\n ========================================\n Total: 26 (UNKNOWN: 0, LOW: 3, MEDIUM: 16, HIGH: 
5, CRITICAL: 2)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-16842 | MEDIUM | | | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16890 | | | 7.61.1-r2 | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3823 | | | | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n 
| | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3859 | MEDIUM | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_packet_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-bounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... 
|\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3861 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14567 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14404 | | | | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing character |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Improper validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... 
|\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via corrupted internal... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n \n ruby-app/Gemfile.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +----------------------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +----------------------+------------------+----------+-------------------+---------------+--------------------------------+\n | rails-html-sanitizer | CVE-2018-3741 | MEDIUM | 1.0.3 | >= 1.0.4 | rubygem-rails-html-sanitizer: |\n | | | | | | non-whitelisted attributes |\n | | | | | | are present in sanitized |\n | | | | | | output when input with |\n | | | | | | specially-crafted... 
|\n +----------------------+------------------+----------+-------------------+---------------+--------------------------------+\n \n rust-app/Cargo.lock\n ===================\n Total: 3 (UNKNOWN: 3, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | ammonia | RUSTSEC-2019-0001 | UNKNOWN | 1.9.0 | >= 2.1.0 | Uncontrolled recursion leads |\n | | | | | | to abort in HTML serialization |\n +---------+-------------------+ +-------------------+---------------+--------------------------------+\n | openssl | RUSTSEC-2016-0001 | | 0.8.3 | >= 0.9.0 | SSL/TLS MitM vulnerability due |\n | | | | | | to insecure defaults |\n + +-------------------+ + +---------------+--------------------------------+\n | | RUSTSEC-2018-0010 | | | >= 0.10.9 | Use after free in CMS Signing |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n \n php-app/composer.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n | guzzlehttp/guzzle | CVE-2016-5385 | MEDIUM | 6.2.0 | 6.2.1, 4.2.4, 5.3.1 | PHP: sets environmental |\n | | | | | | variable based on user |\n | | | | | | supplied Proxy request header |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n \n 
node-app/package-lock.json\n ==========================\n Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | jquery | CVE-2019-5428 | MEDIUM | 3.3.9 | >=3.4.0 | Modification of |\n | | | | | | Assumed-Immutable Data (MAID) |\n + +------------------+ + + +--------------------------------+\n | | CVE-2019-11358 | | | | js-jquery: prototype pollution |\n | | | | | | in object's prototype leading |\n | | | | | | to denial of service or... |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | lodash | CVE-2018-16487 | HIGH | 4.17.4 | >=4.17.11 | lodash: Prototype pollution in |\n | | | | | | utilities function |\n + +------------------+----------+ +---------------+ +\n | | CVE-2018-3721 | MEDIUM | | >=4.17.5 | |\n | | | | | | |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n \n python-app/Pipfile.lock\n =======================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | django | CVE-2019-6975 | MEDIUM | 2.0.9 | 2.0.11 | python-django: |\n | | | | | | memory exhaustion in |\n | | | | | | django.utils.numberformat.format() |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n\n \n \n**Scan an image file** 
\n\n \n \n $ docker save ruby:2.3.0-alpine3.9 -o ruby-2.3.0.tar\n $ trivy --input ruby-2.3.0.tar\n\n \n \nResult \n\n \n \n 2019-05-16T12:45:57.332+0900 INFO Updating vulnerability database...\n 2019-05-16T12:45:59.119+0900 INFO Detecting Debian vulnerabilities...\n \n ruby-2.3.0.tar (debian 8.4)\n ===========================\n Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)\n \n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... 
|\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2011-3374 | LOW | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2016-7543 | HIGH | 4.3-11 | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +---------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2019-9924 | | | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | 4.3-11+deb8u1 | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n + +---------------------+ + +----------------------------------+-----------------------------------------------------+\n | | TEMP-0841856-B18BAF | | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------\n ...\n\n \n \n**Save the results as JSON** \n\n \n \n $ trivy -f json -o results.json golang:1.12-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:46:31.777+0900 INFO Updating vulnerability database...\n 2019-05-16T01:47:03.007+0900 INFO Detecting Alpine vulnerabilities...\n\n \nJSON \n\n \n \n [\n {\n \"Target\": \"php-app/composer.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"node-app/package-lock.json\",\n 
\"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-16487\",\n \"PkgName\": \"lodash\",\n \"InstalledVersion\": \"4.17.4\",\n \"FixedVersion\": \"\\u003e=4.17.11\",\n \"Title\": \"lodash: Prototype pollution in utilities function\",\n \"Description\": \"A prototype pollution vulnerability was found in lodash \\u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://vulners.com/cve/CVE-2018-16487\",\n ]\n }\n ]\n },\n {\n \"Target\": \"trivy-ci-test (alpine 3.7.1)\",\n \"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-16840\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Use-after-free when closing \\\"easy\\\" handle in Curl_close()\",\n \"Description\": \"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. \",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://vulners.com/cve/CVE-2018-16840\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2019-3822\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r2\",\n \"Title\": \"curl: NTLMv2 type-3 header stack buffer overflow\",\n \"Description\": \"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. 
\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://curl.haxx.se/docs/CVE-2019-3822.html\",\n \"https://lists.apache.org/thread.html/some-email@example.com%3Cdevnull.infra.apache.org%3E\"\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-16839\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()\",\n \"Description\": \"Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-19486\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: Improper handling of PATH allows for commands to be executed from the current directory\",\n \"Description\": \"Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' 
were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://usn.ubuntu.com/3829-1/\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-17456\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: arbitrary code execution via .gitmodules\",\n \"Description\": \"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \\\"git clone\\\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"http://www.securitytracker.com/id/1041811\",\n ]\n }\n ]\n },\n {\n \"Target\": \"python-app/Pipfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"ruby-app/Gemfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"rust-app/Cargo.lock\",\n \"Vulnerabilities\": null\n }\n ]\n\n \n \n**Filter the vulnerabilities by severities** \n\n \n \n $ trivy --severity HIGH,CRITICAL ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T01:51:46.255+0900 INFO Updating vulnerability database...\n 2019-05-16T01:51:49.213+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 1785 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1680, CRITICAL: 105)\n \n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n 
+-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | binutils | CVE-2017-8421 | | 2.25-5 | | binutils: Memory exhaustion in |\n | | | | | | objdump via a crafted PE file |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-14930 | | | | binutils: Memory leak in |\n | | | | | | decode_line_info |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-7614 | | | | binutils: NULL |\n | | | | | | pointer dereference in |\n | | | | | | bfd_elf_final_link function |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2014-9939 | | | | binutils: buffer overflow in |\n | | | | | | ihex.c |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-13716 | | | | 
binutils: Memory leak with the |\n | | | | | | C++ symbol demangler routine |\n | | | | | | in libiberty |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2018-12699 | | | | binutils: heap-based buffer |\n | | | | | | overflow in finish_stab in |\n | | | | | | stabs.c |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | bsdutils | CVE-2015-5224 | | 2.25.2-6 | | util-linux: File name |\n | | | | | | collision due to incorrect |\n | | | | | | mkstemp use |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-2779 | | | | util-linux: runuser tty hijack |\n | | | | | | via TIOCSTI ioctl |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n\n \n \n**Filter the vulnerabilities by type** \n\n \n \n $ trivy --vuln-type os ruby:2.3.0\n\nAvailable values: \n\n\n * library\n * os\n \nResult \n\n \n \n 2019-05-22T19:36:50.530+0200 INFO Updating vulnerability database...\n 2019-05-22T19:36:51.681+0200 INFO Detecting Alpine vulnerabilities...\n 2019-05-22T19:36:51.685+0200 INFO Updating npm Security DB...\n 2019-05-22T19:36:52.389+0200 INFO Detecting npm vulnerabilities...\n 2019-05-22T19:36:52.390+0200 INFO Updating pipenv Security DB...\n 2019-05-22T19:36:53.406+0200 INFO Detecting pipenv vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n Total: 4751 (UNKNOWN: 1, LOW: 150, MEDIUM: 3504, HIGH: 1013, CRITICAL: 83)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n 
+---------+------------------+----------+-------------------+---------------+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2019-3823 | MEDIUM | | 7.61.1-r2 | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-16890 | | | | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16842 | | | 7.61.1-r1 | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... 
|\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3861 | MEDIUM | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-bounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... 
|\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3859 | | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_packet_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14404 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14567 | | | | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing character |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Improper validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... 
|\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | CVE-2018-20505 CVE-2018-20506 |\n | | | | | | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n\n \n**Skip update of vulnerability DB** \n`Trivy` always updates its vulnerability database when it starts operating. This is usually fast, as it is a difference update. But if you want to skip even that, use the `--skip-update` option. 
\n\n \n \n $ trivy --skip-update python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:48:08.703+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n \n**Update only specified distributions** \nBy default, `Trivy` always updates its vulnerability database for all distributions. Use the `--only-update` option if you want to name specified distributions to update. 
\n\n \n \n $ trivy --only-update alpine,debian python:3.4-alpine3.9\n $ trivy --only-update alpine python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-21T19:37:06.301+0900 INFO Updating vulnerability database...\n 2019-05-21T19:37:07.793+0900 INFO Updating alpine data...\n 2019-05-21T19:37:08.127+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n \n**Ignore unfixed vulnerabilities** \nBy default, `Trivy` also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the `--ignore-unfixed` option. 
\n\n \n \n $ trivy --ignore-unfixed ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T12:49:52.656+0900 INFO Updating vulnerability database...\n 2019-05-16T12:50:14.786+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 4730 (UNKNOWN: 1, LOW: 145, MEDIUM: 3487, HIGH: 1014, CRITICAL: 83)\n \n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... 
|\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +------------------+----------+ + +-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n ...\n\n \n \n**Specify exit code** \nBy default, `Trivy` exits with code 0 even when vulnerabilities are detected. Use the `--exit-code` option if you want to exit with a non-zero exit code. 
\n\n \n \n $ trivy --exit-code 1 python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:51:43.500+0900 INFO Updating vulnerability database...\n 2019-05-16T12:52:00.387+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n \nThis option is useful for CI/CD. In the following example, the test will fail only when a critical vulnerability is found. \n\n \n \n $ trivy --exit-code 0 --severity MEDIUM,HIGH ruby:2.3.0\n $ trivy --exit-code 1 --severity CRITICAL ruby:2.3.0\n\n \n**Ignore the specified vulnerabilities** \nUse `.trivyignore`. \n\n \n \n $ cat .trivyignore\n # Accept the risk\n CVE-2018-14618\n \n # No impact in our settings\n CVE-2019-1543\n \n $ trivy python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:53:10.076+0900 INFO Updating vulnerability database...\n 2019-05-16T12:53:28.134+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n\n \n \n**Specify cache directory** \n\n \n \n $ trivy --cache-dir /tmp/trivy/ python:3.4-alpine3.9\n\n \n**Clear image caches** \nThe `--clear-cache` option removes image caches. This option is useful if the image which has the same tag is updated (such as when using `latest` tag). 
\n\n \n \n $ trivy --clear-cache python:3.7\n\n \n \nResult \n\n \n \n 2019-05-16T12:55:24.749+0900 INFO Removing image caches...\n 2019-05-16T12:55:24.769+0900 INFO Updating vulnerability database...\n 2019-05-16T12:56:14.055+0900 INFO Detecting Debian vulnerabilities...\n \n python:3.7 (debian 9.9)\n =======================\n Total: 3076 (UNKNOWN: 0, LOW: 127, MEDIUM: 2358, HIGH: 578, CRITICAL: 13)\n \n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | apt | CVE-2011-3374 | LOW | 1.4.9 | | |\n +------------------------------+---------------------+ +--------------------------+------------------+-------------------------------------------------------+\n | bash | TEMP-0841856-B18BAF | | 4.4-5 | | |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n ...\n\n \n \n**Reset** \nThe `--reset` option removes all caches and database. After this, it takes a long time as the vulnerability database needs to be rebuilt locally. \n\n \n \n $ trivy --reset\n\n \n \nResult \n\n \n \n 2019-05-16T13:05:31.935+0900 INFO Resetting...\n\n \n \n**Continuous Integration (CI)** \nScan your image built in Travis CI/CircleCI. The test will fail if a vulnerability is found. When you don't want to fail the test, specify `--exit-code 0` . \n**Note**: It will take a while for the first time (faster by cache after the second time). 
\n \n**Travis CI** \n\n \n \n $ cat .travis.yml\n services:\n - docker\n \n env:\n global:\n - COMMIT=${TRAVIS_COMMIT::8}\n \n before_install:\n - docker build -t trivy-ci-test:${COMMIT} .\n - export VERSION=$(curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | grep '\"tag_name\":' | sed -E 's/.*\"v([^\"]+)\".*/\\1/')\n - wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n - tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n script:\n - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n cache:\n directories:\n - $HOME/.cache/trivy\n\nExample: <https://travis-ci.org/aquasecurity/trivy-ci-test> \nRepository: <https://github.com/aquasecurity/trivy-ci-test> \n \n**CircleCI** \n\n \n \n $ cat .circleci/config.yml\n jobs:\n build:\n docker:\n - image: docker:18.09-git\n steps:\n - checkout\n - setup_remote_docker\n - restore_cache:\n key: vulnerability-db\n - run:\n name: Build image\n command: docker build -t trivy-ci-test:${CIRCLE_SHA1} .\n - run:\n name: Install trivy\n command: |\n apk add --update curl\n VERSION=$(\n curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | \\\n grep '\"tag_name\":' | \\\n sed -E 's/.*\"v([^\"]+)\".*/\\1/'\n )\n \n wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n mv trivy /usr/local/bin\n - run:\n name: Scan the local image with trivy\n command: trivy --exit-code 0 --no-progress --auto-refresh trivy-ci-test:${CIRCLE_SHA1}\n - save_cache:\n key: vulnerability-db\n paths:\n - $HOME/.cache/trivy\n workflows:\n version: 2\n release:\n jobs:\n - build\n\nExample: <https://circleci.com/gh/aquasecurity/trivy-ci-test> \nRepository: <https://github.com/aquasecurity/trivy-ci-test> \n 
\n**Authorization for Private Docker Registry** \nTrivy can download images from a private registry without installing `Docker` or any third-party tools, which makes it easy to run in a CI process. \nAll you have to do is install `Trivy` and set ENV vars. However, I don't recommend using ENV vars on your local machine. \n \n**Docker Hub** \nDocker Hub needs `TRIVY_AUTH_URL`, `TRIVY_USERNAME` and `TRIVY_PASSWORD`. You don't need to set ENV vars when downloading from a public repository. \n\n \n \n export TRIVY_AUTH_URL=https://registry.hub.docker.com\n export TRIVY_USERNAME={DOCKERHUB_USERNAME}\n export TRIVY_PASSWORD={DOCKERHUB_PASSWORD}\n\n \n**Amazon ECR (Elastic Container Registry)** \nTrivy uses the AWS SDK. You don't need to install the `aws` CLI tool. You can use [AWS CLI's ENV Vars](<https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html> \"AWS CLI's ENV Vars\" ). \n \n**GCR (Google Container Registry)** \nTrivy uses the Google Cloud SDK. You don't need to install the `gcloud` command. \nIf you want to use the target project's repository, you can set it via `GOOGLE_APPLICATION_CREDENTIALS`. \n\n \n \n # TRIVY_USERNAME must be set to an empty string\n export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential.json\n\n \n**Self Hosted Registry (BasicAuth)** \nA BasicAuth server needs `TRIVY_USERNAME` and `TRIVY_PASSWORD`. \n\n \n \n export TRIVY_USERNAME={USERNAME}\n export TRIVY_PASSWORD={PASSWORD}\n \n # if you want to use port 80, use NonSSL\n export TRIVY_NON_SSL=true\n\n \n**Vulnerability Detection** \n \n**OS Packages** \nUnfixed/unfixable vulnerabilities are those for which the distribution has not yet provided a patch. 
\nOS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities \n---|---|---|--- \nAlpine Linux | 2.2 - 2.7, 3.0 - 3.10 | Installed by apk | NO \nRed Hat Universal Base Image | 7, 8 | Installed by yum/rpm | YES \nRed Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES \nCentOS | 6, 7 | Installed by yum/rpm | YES \nDebian GNU/Linux | wheezy, jessie, stretch, buster | Installed by apt/apt-get/dpkg | YES \nUbuntu | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | Installed by apt/apt-get/dpkg | YES \nRHEL and CentOS package information is stored in a binary format, and Trivy uses the `rpm` executable to parse this information when scanning an image based on RHEL or CentOS. The Trivy container image includes `rpm`, and the installers include it as a dependency. If you installed the `trivy` binary using `wget` or `curl`, or if you build it from source, you will also need to ensure that `rpm` is available. \n \n**Application Dependencies** \n`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies. \n\n\n * Gemfile.lock\n * Pipfile.lock\n * poetry.lock\n * composer.lock\n * package-lock.json\n * yarn.lock\n * Cargo.lock\nThe path of these files does not matter. 
\nExample: <https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile> \n \n**Data source** \n\n\n * PHP \n * <https://github.com/FriendsOfPHP/security-advisories>\n * Python \n * <https://github.com/pyupio/safety-db>\n * Ruby \n * <https://github.com/rubysec/ruby-advisory-db>\n * Node.js \n * <https://github.com/nodejs/security-wg>\n * Rust \n * <https://github.com/RustSec/advisory-db>\n \n**Usage** \n\n \n \n NAME:\n trivy - A simple and comprehensive vulnerability scanner for containers\n USAGE:\n trivy [options] image_name\n VERSION:\n 0.1.6\n OPTIONS:\n --format value, -f value format (table, json) (default: \"table\")\n --input value, -i value input file path instead of image name\n --severity value, -s value severities of vulnerabilities to be displayed (comma separated) (default: \"UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL\")\n --output value, -o value output file name\n --exit-code value Exit code when vulnerabilities were found (default: 0)\n --skip-update skip db update\n --only-update value update db only specified distribution (comma separated)\n --reset remove all caches and database\n --clear-cache, -c clear image caches\n --quiet, -q suppress progress bar and log output\n --no-progress suppress progress bar\n --ignore-unfixed display only fixed vulnerabilities\n --refresh refresh DB (usually used after version update of trivy)\n --auto-refresh refresh DB automatically when updating version of trivy\n --debug, -d debug mode\n --vuln-type value comma-separated list of vulnerability types (os,library) (default: \"os,library\")\n --cache-dir value cache directory (default: \"/path/to/cache\")\n --help, -h show help\n --version, -v print the version\n\n \n \n**Migration** \nOn 19 August 2019, Trivy's repositories moved from `knqyf263/trivy` to `aquasecurity/trivy`. If you previously installed Trivy you should update any scripts or package manager records as described in this section. 
\n \n**Overview** \nIf you have a script that installs Trivy (for example into your CI pipelines) you should update it to obtain it from the new location by replacing knqyf263/trivy with aquasecurity/trivy. \nFor example: \n\n \n \n # Before\n $ wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n \n # After\n $ wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n\n \n**CentOS/RedHat** \nUse [https://aquasecurity.github.io](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [https://knqyf263.github.io](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ). \n\n \n \n $ yum remove trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/yum.repos.d/trivy.repo\n $ yum update\n $ yum install trivy\n\n \n**Debian/Ubuntu** \nUse [https://aquasecurity.github.io](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [https://knqyf263.github.io](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ). \n\n \n \n $ apt-get remove --purge trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/apt/sources.list.d/trivy.list\n $ apt-get update\n $ apt-get install trivy\n\n \n**Homebrew** \nTap aquasecurity/trivy \n\n \n \n $ brew uninstall --force trivy\n $ brew untap knqyf263/trivy\n $ brew install aquasecurity/trivy/trivy\n\n \n**Binary (Including Windows)** \nNo need to fix. \n \n**Others** \n \n**Detected version update of trivy. 
Please try again with --refresh option** \nTry again with `--refresh` option: \n\n \n \n $ trivy --refresh alpine:3.9\n\n \n**Unknown error** \nTry again with `--reset` option: \n\n \n \n $ trivy --reset\n\n \n**Credits** \n\n\n * Special thanks to [Tomoya Amachi](<https://github.com/tomoyamachi> \"Tomoya Amachi\" )\n * Special thanks to [Masahiro Fujimura](<https://github.com/masahiro331> \"Masahiro Fujimura\" )\n * Special thanks to [Naoki Harima](<https://github.com/XapiMa> \"Naoki Harima\" )\n \n**Author** \nTeppei Fukuda (knqyf263) \n \n \n\n\n**[Download Trivy](<https://github.com/aquasecurity/trivy> \"Download Trivy\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-05T12:00:00", "type": "kitploit", "title": "Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "modified": "2019-11-05T12:00:00", "id": "KITPLOIT:7323577050718865961", "href": "http://www.kitploit.com/2019/11/trivy-simple-and-comprehensive.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n**Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "title": "Oracle Critical Patch Update Advisory - July 2019", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2494878.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-04-16T00:00:00", "title": " Oracle Critical Patch Update Advisory - April 2019", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2663", "CVE-2019-2688", "CVE-2019-2679", "CVE-2018-19362", "CVE-2017-5533", "CVE-2018-11218", "CVE-2015-9251", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2677", "CVE-2019-2655", "CVE-2019-2678", "CVE-2019-2617", "CVE-2017-9798", "CVE-2019-2582", "CVE-2019-2618", "CVE-2019-2685", "CVE-2018-3693", "CVE-2018-0732", "CVE-2016-7103", "CVE-2019-2683", "CVE-2017-5753", "CVE-2019-2612", "CVE-2017-5754", "CVE-2018-1000180", "CVE-2019-2726", "CVE-2014-7923", "CVE-2018-1304", "CVE-2019-2616", "CVE-2017-8287", "CVE-2019-2704", "CVE-2019-2565", "CVE-2019-2587", "CVE-2019-2639", 
"CVE-2019-2703", "CVE-2018-1000004", "CVE-2019-2647", "CVE-2019-2574", "CVE-2019-2706", "CVE-2019-2598", "CVE-2019-2614", "CVE-2018-2880", "CVE-2018-7566", "CVE-2018-12384", "CVE-2015-5922", "CVE-2018-7489", "CVE-2018-19361", "CVE-2019-2689", "CVE-2019-2596", "CVE-2017-15265", "CVE-2018-0734", "CVE-2019-2700", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2651", "CVE-2017-7867", "CVE-2019-2611", "CVE-2018-5407", "CVE-2019-0190", "CVE-2018-0495", "CVE-2019-2595", "CVE-2019-2681", "CVE-2017-3735", "CVE-2019-2603", "CVE-2019-2660", "CVE-2019-2580", "CVE-2018-15756", "CVE-2018-14719", "CVE-2019-3823", "CVE-2017-0861", "CVE-2019-2697", "CVE-2019-2517", "CVE-2019-2662", "CVE-2016-3092", "CVE-2019-2709", "CVE-2018-11039", "CVE-2018-11761", "CVE-2018-12539", "CVE-2019-2579", "CVE-2018-11307", "CVE-2019-2566", "CVE-2019-2576", "CVE-2019-2551", "CVE-2014-7940", "CVE-2018-14720", "CVE-2018-16865", "CVE-2019-2571", "CVE-2019-2664", "CVE-2015-1832", "CVE-2016-0635", "CVE-2019-2558", "CVE-2019-2686", "CVE-2018-3120", "CVE-2018-14718", "CVE-2019-2602", "CVE-2019-2722", "CVE-2019-2573", "CVE-2016-7055", "CVE-2019-2605", "CVE-2018-16864", "CVE-2018-10901", "CVE-2014-9515", "CVE-2019-2633", "CVE-2015-3253", "CVE-2017-3731", "CVE-2014-9654", "CVE-2019-2583", "CVE-2019-2601", "CVE-2019-2673", "CVE-2019-2650", "CVE-2019-2687", "CVE-2018-12022", "CVE-2019-2682", "CVE-2018-20685", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2621", "CVE-2019-2640", "CVE-2019-2642", "CVE-2019-2567", "CVE-2018-1305", "CVE-2017-17484", "CVE-2019-2713", "CVE-2018-11219", "CVE-2019-2645", "CVE-2018-16890", "CVE-2018-12404", "CVE-2019-2623", "CVE-2019-2701", "CVE-2018-3646", "CVE-2018-11237", "CVE-2018-11775", "CVE-2019-2572", "CVE-2019-2720", "CVE-2018-0735", "CVE-2019-2692", "CVE-2019-2581", "CVE-2019-2589", "CVE-2018-6485", "CVE-2018-1257", "CVE-2019-2691", "CVE-2014-8147", "CVE-2019-2698", "CVE-2019-2712", "CVE-2017-8105", "CVE-2019-2646", "CVE-2018-14721", "CVE-2018-8088", "CVE-2019-3772", "CVE-2019-2694", 
"CVE-2018-3314", "CVE-2019-2619", "CVE-2014-0114", "CVE-2019-2630", "CVE-2017-3732", "CVE-2019-2613", "CVE-2019-2629", "CVE-2018-0739", "CVE-2019-2670", "CVE-2019-2636", "CVE-2019-2564", "CVE-2019-2693", "CVE-2019-2609", "CVE-2019-2577", "CVE-2018-8034", "CVE-2019-2631", "CVE-2019-2649", "CVE-2019-2578", "CVE-2019-2684", "CVE-2019-2699", "CVE-2019-2656", "CVE-2019-2653", "CVE-2019-2591", "CVE-2018-1000613", "CVE-2014-9911", "CVE-2019-2570", "CVE-2018-8013", "CVE-2016-7415", "CVE-2019-2648", "CVE-2019-2707", "CVE-2018-3620", "CVE-2019-2632", "CVE-2019-2628", "CVE-2018-0161", "CVE-2019-2641", "CVE-2018-11236", "CVE-2014-8146", "CVE-2017-7525", "CVE-2019-2723", "CVE-2019-2635", "CVE-2018-3123", "CVE-2019-2615", "CVE-2019-2638", "CVE-2019-2597", "CVE-2016-6293", "CVE-2018-3312", "CVE-2014-7926", "CVE-2019-2676", "CVE-2017-3733", "CVE-2017-5664", "CVE-2019-2696", "CVE-2018-19360", "CVE-2018-11763", "CVE-2018-0733", "CVE-2019-2654", "CVE-2019-2643", "CVE-2019-2644", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2627", "CVE-2019-2708", "CVE-2019-2665", "CVE-2019-2658", "CVE-2016-8735", "CVE-2019-2424", "CVE-2018-17189", "CVE-2019-2516", "CVE-2017-3738", "CVE-2019-2607", "CVE-2019-2671", "CVE-2019-2705", "CVE-2019-2721", "CVE-2019-2588", "CVE-2019-2675", "CVE-2019-1559", "CVE-2019-2604", "CVE-2017-7868", "CVE-2019-2594", "CVE-2019-2669", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2586", "CVE-2019-2661", "CVE-2019-2657", "CVE-2017-12617", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2568", "CVE-2019-2690", "CVE-2019-2610", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2702", "CVE-2019-2622", "CVE-2019-2626", "CVE-2019-2637", "CVE-2019-2518", "CVE-2018-0737", "CVE-2017-14952", "CVE-2014-0107", "CVE-2019-2674", "CVE-2019-2575", "CVE-2019-2652", "CVE-2019-2584", "CVE-2016-2141", "CVE-2019-2557", "CVE-2019-2719", "CVE-2019-2680", "CVE-2018-11040", "CVE-2017-3730", "CVE-2019-2659", "CVE-2019-2585", "CVE-2019-2625", "CVE-2016-1000031", "CVE-2019-2590", 
"CVE-2018-12023", "CVE-2018-1656", "CVE-2019-2600", "CVE-2019-2608"], "modified": "2019-05-28T00:00:00", "id": "ORACLE:CPUAPR2019", "href": "https://www.oracle.com/security-alerts/cpuapr2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}