AVG-873 log

Package curl
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.63.0-4
Fixed 7.64.0-1
Current 8.11.1-3 [core]
Ticket None
Created Wed Feb 6 19:34:20 2019
Issue Severity Remote Type Description
CVE-2019-3823 High Yes Arbitrary code execution
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer...
CVE-2019-3822 High Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header...
CVE-2018-16890 Medium Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages...
Date Advisory Package Type
12 Feb 2019 ASA-201902-9 curl arbitrary code execution