CVSS3: 7.5 High

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

libcurl.so is vulnerable to denial of service (DoS). It does not properly handle the end-of-response for SMTP, so when the strtol() function is called it performs an out-of-bounds read beyond the allocated buffer.

CPE

Name | Operator | Version
---|---|---
libcurl.so | le | 4.5.0
curl | eq | 7.61.1__8.el8
curl:xenial | eq | 7.47.0-1ubuntu2
curl:trusty | eq | 7.35.0-1ubuntu2
curl:bionic | eq | 7.58.0-2ubuntu3

www.securityfocus.com/bid/106950
access.redhat.com/errata/RHSA-2019:3701
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
curl.haxx.se/docs/CVE-2019-3823.html
lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E
security.gentoo.org/glsa/201903-03
security.netapp.com/advisory/ntap-20190315-0001/
usn.ubuntu.com/3882-1/
www.debian.org/security/2019/dsa-4386
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html