Lucene search

K
nvd[email protected]NVD:CVE-2019-5436
HistoryMay 28, 2019 - 7:29 p.m.

CVE-2019-5436

2019-05-2819:29:06
CWE-122
CWE-787
web.nvd.nist.gov
6
cve-2019-5436
dos
arbitrary code execution
libcurl
tftp

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.053

Percentile

93.1%

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Affected configurations

Nvd
Node
haxxlibcurlRange7.19.47.64.1
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
OR
opensuseleapMatch42.3
Node
fedoraprojectfedoraMatch29
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
f5traffix_signaling_delivery_controllerRange5.0.05.1.0
Node
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
oracleenterprise_manager_ops_centerMatch12.3.3
OR
oracleenterprise_manager_ops_centerMatch12.4.0
OR
oraclemysql_serverRange5.7.27
OR
oraclemysql_serverRange5.7.288.0.17
OR
oracleoss_support_toolsMatch20.0
VendorProductVersionCPE
haxxlibcurl*cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap42.3cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
f5traffix_signaling_delivery_controller*cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.053

Percentile

93.1%