AVG-962

Package: lib32-libcurl-compat
Status: Fixed
Severity: High
Type: arbitrary code execution
Affected: 7.64.1-1
Fixed: 7.65.0-1
Current: 7.65.3-1 [multilib]
Ticket: None
Created: Wed May 22 14:37:55 2019

Issue | Severity | Remote | Type | Description
CVE-2019-5436 | High | Yes | Arbitrary code execution | libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom()...
CVE-2019-5435 | High | Yes | Arbitrary code execution | libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a...

Date | Advisory | Package | Description
31 May 2019 | ASA-201905-14 | lib32-libcurl-compat | arbitrary code execution

References
https://curl.haxx.se/docs/CVE-2019-5435.html
https://curl.haxx.se/docs/CVE-2019-5436.html