CVE-2019-5482 - Vulnerability Details

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Haxx	Curl
Netapp	Cloud Backup Oncommand Insight Oncommand Unified Manager Oncommand Workflow Automation Snapcenter Steelstore Cloud Integrated Storage
Opensuse	Leap
Oracle	Communications Operations Monitor Communications Session Border Controller Enterprise Manager Ops Center Http Server Hyperion Essbase Mysql Server Oss Support Tools
Redhat	Enterprise Linux Jboss Core Services Openshift Do Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.1:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.2:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
	cpe:2.3:a:oracle:communications_session_border_controller:8.3:::::::*
	cpe:2.3:a:oracle:communications_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:::::::*
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:oss_support_tools:20.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Package	CPE	Advisory	Released Date
JBoss Core Services on RHEL 6
jbcs-httpd24-apr-0:1.6.3-73.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-curl-0:7.64.1-21.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-jansson-0:2.11-24.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.46-26.redhat_1.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:0250	2020-01-27T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-apr-0:1.6.3-73.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-curl-0:7.64.1-21.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-jansson-0:2.11-24.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.46-26.redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:0250	2020-01-27T00:00:00Z
Red Hat Enterprise Linux 7
curl-0:7.29.0-59.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3916	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
curl-0:7.29.0-42.el7_4.3	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:0759	2021-03-09T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
curl-0:7.29.0-42.el7_4.3	cpe:/o:redhat:rhel_tus:7.4	RHSA-2021:0759	2021-03-09T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
curl-0:7.29.0-42.el7_4.3	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2021:0759	2021-03-09T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
curl-0:7.29.0-51.el7_6.4	cpe:/o:redhat:rhel_eus:7.6	RHSA-2021:0877	2021-03-16T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
curl-0:7.29.0-54.el7_7.4	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:1027	2021-03-30T00:00:00Z
Red Hat Enterprise Linux 8
curl-0:7.61.1-12.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:1792	2020-04-28T00:00:00Z
Red Hat OpenShift Do
openshiftdo/odo-init-image-rhel7:1.1.3-2	cpe:/a:redhat:openshift_do:1.0::el7	RHSA-2021:0949	2021-03-22T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
https://curl.haxx.se/docs/CVE-2019-5482.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
https://nvd.nist.gov/vuln/detail/CVE-2019-5482
https://seclists.org/bugtraq/2020/Feb/36
https://security.gentoo.org/glsa/202003-29
https://security.netapp.com/advisory/ntap-20191004-0003/
https://security.netapp.com/advisory/ntap-20200416-0003/
https://www.cve.org/CVERecord?id=CVE-2019-5482
https://www.debian.org/security/2020/dsa-4633
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2019-09-16T18:06:35

Updated: 2024-08-04T19:54:53.563Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5482

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-16T19:15:10.633

Modified: 2024-11-21T04:45:01.273

Link: CVE-2019-5482

Redhat

Severity : Moderate

Publid Date: 2019-09-11T00:00:00Z

Links: CVE-2019-5482 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "curl", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.19.4 to 7.65.3"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap Overflow (CWE-122)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:15:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"name": "openSUSE-SU-2019:2149", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"}, {"name": "FEDORA-2019-9e6357d82f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"}, {"name": "FEDORA-2019-6d7f6fa2c8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}, {"name": "openSUSE-SU-2019:2169", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"}, {"name": "FEDORA-2019-f2a520135e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"}, {"name": "DSA-4633", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4633"}, {"name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Feb/36"}, {"name": "GLSA-202003-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-29"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191004-0003/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/CVE-2019-5482.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5482", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "curl", "version": {"version_data": [{"version_value": "7.19.4 to 7.65.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap Overflow (CWE-122)"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2019:2149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"}, {"name": "FEDORA-2019-9e6357d82f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"}, {"name": "FEDORA-2019-6d7f6fa2c8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}, {"name": "openSUSE-SU-2019:2169", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"}, {"name": "FEDORA-2019-f2a520135e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"}, {"name": "DSA-4633", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4633"}, {"name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Feb/36"}, {"name": "GLSA-202003-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-29"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://security.netapp.com/advisory/ntap-20200416-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://security.netapp.com/advisory/ntap-20191004-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191004-0003/"}, {"name": "https://curl.haxx.se/docs/CVE-2019-5482.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/CVE-2019-5482.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.563Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2019:2149", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"}, {"name": "FEDORA-2019-9e6357d82f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"}, {"name": "FEDORA-2019-6d7f6fa2c8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}, {"name": "openSUSE-SU-2019:2169", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"}, {"name": "FEDORA-2019-f2a520135e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"}, {"name": "DSA-4633", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4633"}, {"name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Feb/36"}, {"name": "GLSA-202003-29", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191004-0003/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://curl.haxx.se/docs/CVE-2019-5482.html"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5482", "datePublished": "2019-09-16T18:06:35", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.563Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC006E25-E2CF-452B-8E00-573895681653", "versionEndIncluding": "7.65.3", "versionStartIncluding": "7.19.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "37C50706-4EB7-4AC0-BFE2-B3929F79B5D7", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF30C76E-7E58-4D76-89A8-53405685DA86", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B9CB98F-4BF8-4A51-A949-BD951435AE9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0AEAAA9-4B92-4FC6-BFBA-FE930C309ACE", "versionEndIncluding": "5.7.28", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CCFEDAE-B9B9-4B59-8DB4-FC0A0704B8D4", "versionEndIncluding": "8.0.18", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "8252A7F5-2FB5-4E73-864D-D11F21F5EC56", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3."}], "id": "CVE-2019-5482", "lastModified": "2024-11-21T04:45:01.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-16T19:15:10.633", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://curl.haxx.se/docs/CVE-2019-5482.html"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Feb/36"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-29"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0003/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4633"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://curl.haxx.se/docs/CVE-2019-5482.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Feb/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Thomas Vegas as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-73.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-21.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-jansson-0:2.11-24.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-26.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-73.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-21.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-24.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-26.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:0250", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-01-27T00:00:00Z"}, {"advisory": "RHSA-2020:3916", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "curl-0:7.29.0-59.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2021:0759", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "curl-0:7.29.0-42.el7_4.3", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-03-09T00:00:00Z"}, {"advisory": "RHSA-2021:0759", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "curl-0:7.29.0-42.el7_4.3", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-03-09T00:00:00Z"}, {"advisory": "RHSA-2021:0759", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "curl-0:7.29.0-42.el7_4.3", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-03-09T00:00:00Z"}, {"advisory": "RHSA-2021:0877", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "curl-0:7.29.0-51.el7_6.4", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:1027", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "curl-0:7.29.0-54.el7_7.4", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-03-30T00:00:00Z"}, {"advisory": "RHSA-2020:1792", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "curl-0:7.61.1-12.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2021:0949", "cpe": "cpe:/a:redhat:openshift_do:1.0::el7", "package": "openshiftdo/odo-init-image-rhel7:1.1.3-2", "product_name": "Red Hat OpenShift Do", "release_date": "2021-03-22T00:00:00Z"}], "bugzilla": {"description": "curl: heap buffer overflow in function tftp_receive_packet()", "id": "1749652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749652"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-122", "details": ["Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."], "mitigation": {"lang": "en:us", "value": "Do not use TFTP with curl with smaller than the default BLKSIZE."}, "name": "CVE-2019-5482", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.2", "fix_state": "Not affected", "package_name": "rh-dotnet22-curl", "product_name": ".NET Core 2.2 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2019-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5482\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5482\nhttps://curl.haxx.se/docs/CVE-2019-5482.html"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object