AVG-874

Package lib32-curl
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.63.0-2
Fixed 7.64.0-1
Current 7.65.3-1 [multilib]
Ticket None
Created Wed Feb 6 19:35:15 2019
Issue Severity Remote Type Description
CVE-2019-3823 High Yes Arbitrary code execution
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer...
CVE-2019-3822 High Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header...
CVE-2018-16890 Medium Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages...
Date Advisory Package Description
12 Feb 2019 ASA-201902-13 lib32-curl arbitrary code execution