CVE-2019-5436 log

Source
Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
libcurl before 7.65.0 contains a heap buffer overflow in the function tftp_receive_packet(), which receives data from a TFTP server. It calls recvfrom() with the default buffer size rather than with the size the buffer was actually allocated with, so the content that may overwrite heap memory is entirely controlled by the server.

The flaw exists if the user selects a "blksize" of 504 or smaller (the default is 512). The smaller the size that is used, the larger the possible overflow becomes. Users choosing a size smaller than the default should be rare, as the primary use case for changing the size is to make it larger.
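The length mismatch the description refers to, as an added illustration in C that is not curl's code: the buffer layout (negotiated blksize plus a 4-byte header), the struct and function names are assumptions, and the real socket read is replaced by a constructed, bounds-clamped copy so the overflow is measured rather than performed.

```c
#include <stdlib.h>
#include <string.h>

#define TFTP_BLKSIZE_DEFAULT 512  /* RFC 1350 data block size */
#define TFTP_HEADER_LEN      4    /* 2-byte opcode + 2-byte block number */

/* Receive buffer sized for the negotiated blksize (assumed layout: blksize + header). */
struct tftp_rpacket {
    unsigned char *data;
    size_t         alloc;  /* bytes actually allocated */
};

static int rpacket_init(struct tftp_rpacket *p, int blksize) {
    p->alloc = (size_t)blksize + TFTP_HEADER_LEN;
    p->data = calloc(p->alloc, 1);
    return p->data ? 0 : -1;
}

/* Length the pre-fix code hands to recvfrom(): the default, whatever blksize is. */
size_t recv_len_before_fix(const struct tftp_rpacket *p) {
    (void)p;
    return TFTP_BLKSIZE_DEFAULT + TFTP_HEADER_LEN;
}

/* Length the fixed code hands to recvfrom(): the size the buffer was allocated with. */
size_t recv_len_after_fix(const struct tftp_rpacket *p) {
    return p->alloc;
}

/* Simulates a server datagram that fills the whole length recvfrom() was allowed,
 * and returns how many bytes would land past the allocation. The copy is clamped
 * to the allocation, so the overflow is measured here, never performed. */
size_t overflow_for_blksize(int blksize, int fixed) {
    struct tftp_rpacket p;
    size_t len, written, excess;
    unsigned char *dgram;
    if (rpacket_init(&p, blksize) != 0)
        return 0;
    len = fixed ? recv_len_after_fix(&p) : recv_len_before_fix(&p);
    dgram = malloc(len);               /* constructed server payload, all 'A' */
    if (!dgram) { free(p.data); return 0; }
    memset(dgram, 'A', len);
    written = len < p.alloc ? len : p.alloc;
    memcpy(p.data, dgram, written);
    excess = len > p.alloc ? len - p.alloc : 0;
    free(dgram);
    free(p.data);
    return excess;
}
```

With this simplified layout a blksize of 504 leaves 8 bytes of server-controlled overflow and a blksize of 8 leaves 504; the exact threshold in curl depends on its real allocation layout, which the advisory gives as 504 or smaller.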
Group    Package               Affected   Fixed      Severity  Status  Ticket
AVG-964  curl                  7.64.1-2   7.65.0-1   High      Fixed
AVG-963  lib32-curl            7.64.1-1   7.65.0-1   High      Fixed
AVG-962  lib32-libcurl-compat  7.64.1-1   7.65.0-1   High      Fixed
AVG-961  lib32-libcurl-gnutls  7.64.1-1   7.65.0-1   High      Fixed
AVG-960  libcurl-gnutls        7.64.1-1   7.65.0-1   High      Fixed
AVG-959  libcurl-compat        7.64.1-1   7.65.0-1   High      Fixed
Date         Advisory       Group    Package               Severity  Description
31 May 2019  ASA-201905-16  AVG-964  curl                  High      arbitrary code execution
31 May 2019  ASA-201905-15  AVG-963  lib32-curl            High      arbitrary code execution
31 May 2019  ASA-201905-14  AVG-962  lib32-libcurl-compat  High      arbitrary code execution
31 May 2019  ASA-201905-13  AVG-961  lib32-libcurl-gnutls  High      arbitrary code execution
31 May 2019  ASA-201905-12  AVG-960  libcurl-gnutls        High      arbitrary code execution
31 May 2019  ASA-201905-11  AVG-959  libcurl-compat        High      arbitrary code execution
References
https://curl.haxx.se/docs/CVE-2019-5436.html
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275