CVE-2019-5436

Опубликовано: 28 мая 2019

Источник: debian

EPSS Средний

Описание

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Пакет	Статус	Версия исправления	Релиз	Тип
curl	fixed	7.64.0-4		package
curl	fixed	7.52.1-5+deb9u10	stretch	package

https://curl.haxx.se/docs/CVE-2019-5436.html
Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
Fixed by: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275

EPSS

Процентиль: 96%

0.29542

Средний

CVE-2019-5436

CVSS3: 7.8

ubuntu

около 6 лет назад

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CVE-2019-5436

CVSS3: 7

redhat

около 6 лет назад

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CVE-2019-5436

CVSS3: 7.8

nvd

около 6 лет назад

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

openSUSE-SU-2019:1508-1

suse-cvrf

около 6 лет назад

Security update for curl

openSUSE-SU-2019:1492-1

suse-cvrf

около 6 лет назад

Security update for curl

EPSS

Процентиль: 96%

0.29542

Средний