CVE-2019-5436
Public on 2019-05-28
Modified on 2019-07-25
Description
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | curl | 2019-07-17 | ALAS-2019-1233 | Fixed |
| Amazon Linux 2 - Core | curl | 2019-07-18 | ALAS2-2019-1233 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |