CVE-2019-5436
Description
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-5436
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2019-5436.html
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-11
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-12
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-13
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-14
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-15
Vendor advisory: arch — https://security.archlinux.org/ASA-201905-16
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 7.65.0-1 | |
| sles | affected | | |
| debian | bookworm | fixed | 7.64.0-4 |
| debian | bullseye | fixed | 7.64.0-4 |
| debian | forky | fixed | 7.64.0-4 |
| debian | sid | fixed | 7.64.0-4 |
| debian | trixie | fixed | 7.64.0-4 |
References
- https://security.archlinux.org/ASA-201905-16
- https://security.archlinux.org/ASA-201905-15
- https://security.archlinux.org/ASA-201905-14
- https://security.archlinux.org/ASA-201905-13
- https://security.archlinux.org/ASA-201905-12
- https://security.archlinux.org/ASA-201905-11
- https://www.suse.com/security/cve/CVE-2019-5436.html
- https://security-tracker.debian.org/tracker/CVE-2019-5436
Verify integrity in audit chain (admin only). AS-IS.