AVG-875

Package lib32-libcurl-compat
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.63.0-2
Fixed 7.64.0-1
Current 7.65.3-1 [multilib]
Ticket None
Created Wed Feb 6 19:36:34 2019
Issue Severity Remote Type Description
CVE-2019-3823 High Yes Arbitrary code execution
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer...
CVE-2019-3822 High Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header...
CVE-2018-16890 Medium Yes Arbitrary code execution
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages...
Date Advisory Package Description
12 Feb 2019 ASA-201902-12 lib32-libcurl-compat arbitrary code execution