CVE-2019-5436

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-28 19:29

Updated : 2024-02-04 20:20


NVD link : CVE-2019-5436

Mitre link : CVE-2019-5436

CVE.ORG link : CVE-2019-5436


JSON object : View

Products Affected

oracle

  • mysql_server
  • oss_support_tools
  • enterprise_manager_ops_center

debian

  • debian_linux

fedoraproject

  • fedora

f5

  • traffix_signaling_delivery_controller

netapp

  • hci_management_node
  • solidfire
  • steelstore_cloud_integrated_storage

opensuse

  • leap

haxx

  • libcurl
CWE
CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow