AVG-963

Package lib32-curl
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.64.1-1
Fixed 7.65.0-1
Current 8.11.1-3 [multilib]
Ticket None
Created Wed May 22 14:38:00 2019

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-5436 | High | Yes | Arbitrary code execution | libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom()... |
| CVE-2019-5435 | High | Yes | Arbitrary code execution | libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 31 May 2019 | ASA-201905-15 | lib32-curl | arbitrary code execution |

References
https://curl.haxx.se/docs/CVE-2019-5435.html
https://curl.haxx.se/docs/CVE-2019-5436.html