{"api_version":"1","generated_at":"2026-04-22T19:34:57+00:00","cve":"CVE-2019-3822","urls":{"html":"https://cve.report/CVE-2019-3822","api":"https://cve.report/api/cve/CVE-2019-3822.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-3822","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-3822"},"summary":{"title":"CVE-2019-3822","description":"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-02-06 20:29:00","updated_at":"2023-11-07 03:10:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2019/dsa-4386","name":"DSA-4386","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4386-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201903-03","name":"GLSA-201903-03","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"cURL: Multiple vulnerabilities (GLSA 201903-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://curl.haxx.se/docs/CVE-2019-3822.html","name":"https://curl.haxx.se/docs/CVE-2019-3822.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"curl - NTLMv2 type-3 header stack buffer overflow - CVE-2019-3822","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190315-0001/","name":"https://security.netapp.com/advisory/ntap-20190315-0001/","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"February 2019 curl/libcurl Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106950","name":"106950","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"cURL/libcURL Multiple Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822","refsource":"CONFIRM","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"],"title":"1670254 – (CVE-2019-3822) CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3882-1/","name":"USN-3882-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3882-1: curl vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS","name":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS","refsource":"","tags":[],"title":"myF5","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.f5.com/csp/article/K84141449","name":"https://support.f5.com/csp/article/K84141449","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update - July 2019","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:3701","name":"RHSA-2019:3701","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190719-0004/","name":"https://security.netapp.com/advisory/ntap-20190719-0004/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"July 2019 MySQL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS","name":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E","name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2019","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-3822","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3822","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"active_iq_unified_manager_for_vmware_vsphere","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"active_iq_unified_manager_for_vmware_vsphere","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"active_iq_unified_manager_for_windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"active_iq_unified_manager_for_windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"5.7.26","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"8.0.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"secure_global_desktop","cpe6":"5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"secure_global_desktop","cpe6":"5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"services_tools_bundle","cpe6":"19.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"services_tools_bundle","cpe6":"19.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3822","vulnerable":"1","versionEndIncluding":"2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinema_remote_connect_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-3822","qid":"377396","title":"Alibaba Cloud Linux Security Update for curl (ALINUX3-SA-2021:0078)"},{"cve":"CVE-2019-3822","qid":"500127","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2019-3822","qid":"503782","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2019-3822","qid":"710197","title":"Gentoo Linux cURL Multiple Vulnerabilities (GLSA 201903-03)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2019-3822","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"curl","version":{"version_data":[{"version_value":"7.64.0"}]}}]},"vendor_name":"The curl Project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header."}]},"impact":{"cvss":[[{"vectorString":"7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-121"}]}]},"references":{"reference_data":[{"name":"GLSA-201903-03","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201903-03"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"},{"name":"DSA-4386","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4386"},{"name":"https://curl.haxx.se/docs/CVE-2019-3822.html","refsource":"MISC","url":"https://curl.haxx.se/docs/CVE-2019-3822.html"},{"name":"https://security.netapp.com/advisory/ntap-20190315-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190315-0001/"},{"name":"USN-3882-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3882-1/"},{"name":"106950","refsource":"BID","url":"http://www.securityfocus.com/bid/106950"},{"refsource":"MLIST","name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.","url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","refsource":"MISC","name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190719-0004/","url":"https://security.netapp.com/advisory/ntap-20190719-0004/"},{"refsource":"CONFIRM","name":"https://support.f5.com/csp/article/K84141449","url":"https://support.f5.com/csp/article/K84141449"},{"refsource":"CONFIRM","name":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS","url":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS"},{"refsource":"REDHAT","name":"RHSA-2019:3701","url":"https://access.redhat.com/errata/RHSA-2019:3701"}]}},"nvd":{"publishedDate":"2019-02-06 20:29:00","lastModifiedDate":"2023-11-07 03:10:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.36.0","versionEndExcluding":"7.64.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","versionStartIncluding":"7.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*","versionStartIncluding":"9.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.26","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.27","versionEndIncluding":"8.0.15","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"3822","Ordinal":"141431","Title":"CVE-2019-3822","CVE":"CVE-2019-3822","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"3822","Ordinal":"1","NoteData":"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"3822","Ordinal":"2","NoteData":"2019-02-06","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"3822","Ordinal":"3","NoteData":"2019-11-05","Type":"Other","Title":"Modified"}]}}}