Lucene search

K

Veracode Vulnerability DatabaseVERACODE:19620

HistoryMay 16, 2019 - 3:21 a.m.

Buffer Overflow

2019-05-1603:21:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

curl is vulnerable to buffer overflow vulnerability. The vulnerability occurs when doing a large floating point output in libcurl’s implementation of the printf() functions. The application accepts input format strings without doing a necessary input filtering. A remote attacker could send a format string from the outside causing a memory corruption.

CPENameOperatorVersion
httpd24-curleq7.47.1__4.el7
httpd24-curleq7.47.1__1.1.el7
httpd24-curleq7.47.1__1.1.el6
httpd24-httpdeq2.4.27__8.el6.1
httpd24-httpdeq2.4.25__9.el6
httpd24-httpdeq2.4.27__8.el7.1
httpd24-httpdeq2.4.27__8.el7
httpd24-httpdeq2.4.27__8.el6
httpd24-httpdeq2.4.18__10.el6
httpd24-httpdeq2.4.25__9.el7

Rows per page:

1-10 of 221

References

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/95019

www.securitytracker.com/id/1037515

access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd

access.redhat.com/errata/RHSA-2018:3558

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1518737

bugzilla.redhat.com/show_bug.cgi?id=1540167

bugzilla.redhat.com/show_bug.cgi?id=1558450

bugzilla.redhat.com/show_bug.cgi?id=1628389

bugzilla.redhat.com/show_bug.cgi?id=1633260

bugzilla.redhat.com/show_bug.cgi?id=1634830

bugzilla.redhat.com/show_bug.cgi?id=1640722

bugzilla.redhat.com/show_bug.cgi?id=1646937

bugzilla.redhat.com/show_bug.cgi?id=1648928

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586

curl.haxx.se/docs/adv_20161221A.html

github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2018/11/msg00005.html

security.gentoo.org/glsa/201701-47

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:19620

cve1 amazon1 nessus19 alpinelinux1 openvas19 altlinux1 freebsd1 prion1 debiancve1 fedora2 debian2 redhatcve1 osv2 ubuntucve1 archlinux6 ibm5 cloudfoundry1 ubuntu2 ics1 mageia1 gentoo1 rosalinux1 redhat1 apple4 suse3 oracle1