CVE-2019-5435 - OpenCVE

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Haxx	Curl

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

References

Link	Resource
https://curl.haxx.se/docs/CVE-2019-5435.html	Exploit Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
https://security.gentoo.org/glsa/202003-29
https://security.netapp.com/advisory/ntap-20190606-0004/
https://support.f5.com/csp/article/K08125515
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2019-05-28T18:44:01

Updated: 2020-10-20T21:15:00

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5435

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-28T19:29:06.080

Modified: 2023-11-07T03:11:35.163

Link: CVE-2019-5435

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "curl", "vendor": "curl", "versions": [{"status": "affected", "version": "Fixed in 7.65.0"}]}], "datePublic": "2019-05-22T00:00:00", "descriptions": [{"lang": "en", "value": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-131", "description": "Incorrect Calculation of Buffer Size (CWE-131)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:15:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"name": "FEDORA-2019-697de0501f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"}, {"name": "GLSA-202003-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-29"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/CVE-2019-5435.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190606-0004/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K08125515"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5435", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "curl", "version": {"version_data": [{"version_value": "Fixed in 7.65.0"}]}}]}, "vendor_name": "curl"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Calculation of Buffer Size (CWE-131)"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2019-697de0501f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"}, {"name": "GLSA-202003-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-29"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://curl.haxx.se/docs/CVE-2019-5435.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/CVE-2019-5435.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190606-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190606-0004/"}, {"name": "https://support.f5.com/csp/article/K08125515", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K08125515"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5435", "datePublished": "2019-05-28T18:44:01", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2020-10-20T21:15:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F2889DB-915B-42C2-8DD5-DC83B4940621", "versionEndIncluding": "7.64.1", "versionStartIncluding": "7.62.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1."}, {"lang": "es", "value": "Un desbordamiento de enteros en la API de URL de curl, da como resultado un desbordamiento de b\u00fafer en libcurl en la versi\u00f3n 7.62.0 hasta la 7.64.1 incluyendola."}], "id": "CVE-2019-5435", "lastModified": "2023-11-07T03:11:35.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-28T19:29:06.080", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://curl.haxx.se/docs/CVE-2019-5435.html"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"}, {"source": "support@hackerone.com", "url": "https://security.gentoo.org/glsa/202003-29"}, {"source": "support@hackerone.com", "url": "https://security.netapp.com/advisory/ntap-20190606-0004/"}, {"source": "support@hackerone.com", "url": "https://support.f5.com/csp/article/K08125515"}, {"source": "support@hackerone.com", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "support@hackerone.com", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "support@hackerone.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-131"}], "source": "support@hackerone.com", "type": "Secondary"}]}