Description
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
Related CPE's
o
canonical
ubuntu_linux
a
oracle
communications_operations_monitor
References
http://www.securityfocus.com/bid/106950
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
https://security.gentoo.org/glsa/201903-03
https://security.netapp.com/advisory/ntap-20190315-0001/
https://usn.ubuntu.com/3882-1/
https://www.debian.org/security/2019/dsa-4386
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securityfocus.com/bid/106950
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
https://security.gentoo.org/glsa/201903-03
https://security.netapp.com/advisory/ntap-20190315-0001/
https://usn.ubuntu.com/3882-1/
https://www.debian.org/security/2019/dsa-4386
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
CVSS impact metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2019-02-06T19:29:00.400Z
7 years agoLast modified
2024-11-21T03:42:37.110Z
1 year ago