cURL/libcURL Multiple Buffer Overflow Vulnerabilities
BID:106950
CVE-2019-3822 | CVE-2019-3823 |Info
cURL/libcURL Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 106950 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2019-3822 CVE-2019-3823 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 06 2019 12:00AM |
| Updated: | Jul 17 2019 06:00AM |
| Credit: | Brian Carpenter, Geeknik Labs and Wenxiang Qian from Tencent Blade Team. |
| Vulnerable: |
Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Siemens SINEMA Remote Connect Client 1.0 Redhat Software Collections for RHEL 0 Oracle Services Tools Bundle 19.2 Oracle Secure Global Desktop 5.4 Oracle MySQL Server 8.0.15 Oracle MySQL Server 8.0.14 Oracle MySQL Server 8.0.13 Oracle MySQL Server 8.0.12 Oracle MySQL Server 8.0.11 Oracle MySQL Server 5.7.26 Oracle MySQL Server 5.7.25 Oracle MySQL Server 5.7.24 Oracle MySQL Server 5.7.23 Oracle MySQL Server 5.7.22 Oracle MySQL Server 5.7.21 Oracle MySQL Server 5.7.20 Oracle MySQL Server 5.7.19 Oracle MySQL Server 5.7.18 Oracle MySQL Server 5.7.17 Oracle MySQL Server 5.7.16 Oracle MySQL Server 5.7.15 Oracle MySQL Server 5.7.12 Oracle MySQL Server 5.7 Oracle HTTP Server 12.2.1.3.0 Oracle Enterprise Manager Ops Center 12.4 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Communications Operations Monitor 4.0 Oracle Communications Operations Monitor 3.4 NetApp Clustered Data ONTAP 0 Haxx Libcurl 7.63 Haxx Libcurl 7.62 Haxx Libcurl 7.61.1 Haxx Libcurl 7.61 Haxx Libcurl 7.60 Haxx Libcurl 7.59 Haxx Libcurl 7.58 Haxx Libcurl 7.57 Haxx Libcurl 7.56.1 Haxx Libcurl 7.56 Haxx Libcurl 7.55.1 Haxx Libcurl 7.54.1 Haxx Libcurl 7.54 Haxx Libcurl 7.53.1 Haxx Libcurl 7.53 Haxx Libcurl 7.52 Haxx Libcurl 7.51 Haxx Libcurl 7.50.3 Haxx Libcurl 7.50.2 Haxx Libcurl 7.50.1 Haxx Libcurl 7.50 Haxx Libcurl 7.47 Haxx Libcurl 7.46 Haxx Libcurl 7.43 Haxx Libcurl 7.42.1 Haxx Libcurl 7.36 Haxx Libcurl 7.55.0 Haxx Libcurl 7.52.1 Haxx Libcurl 7.49.0 Haxx Libcurl 7.48.0 Haxx Libcurl 7.42.0 Haxx Libcurl 7.41.0 Haxx Libcurl 7.40.0 Haxx Libcurl 7.39 Haxx Libcurl 7.38.0 Haxx Libcurl 7.37.1 Haxx Libcurl 7.37.0 Haxx Curl 7.62 Haxx Curl 7.61.1 Haxx Curl 7.61 Haxx Curl 7.60 Haxx Curl 7.59 Haxx Curl 7.58 Haxx Curl 7.56.1 Haxx Curl 7.56 Haxx Curl 7.55.1 Haxx Curl 7.55 Haxx Curl 7.54.1 Haxx Curl 7.54 Haxx Curl 7.53.1 Haxx Curl 7.53 Haxx Curl 7.52 Haxx Curl 7.51 Haxx Curl 7.50.3 Haxx Curl 7.50 Haxx Curl 7.47 Haxx Curl 7.46 Haxx Curl 7.45 Haxx Curl 7.43 Haxx Curl 7.42.1 Haxx Curl 7.36 Haxx Curl 7.63.0 Haxx Curl 7.57.0 Haxx Curl 7.52.1 Haxx Curl 7.50.1 Haxx Curl 7.49.0 Haxx Curl 7.48.0 Haxx Curl 7.42.0 Haxx Curl 7.41.0 Haxx Curl 7.40.0 Haxx Curl 7.39.0 Haxx Curl 7.38.0 Haxx Curl 7.37.1 |
| Not Vulnerable: |
Siemens SINEMA Remote Connect Client 2.0 HF1 Haxx Libcurl 7.64 Haxx Curl 7.64.0 |
Discussion
cURL/libcURL Multiple Buffer Overflow Vulnerabilities
cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed.
cURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable.
cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed.
cURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable.
Exploit / POC
cURL/libcURL Multiple Buffer Overflow Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
cURL/libcURL Multiple Buffer Overflow Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
cURL/libcURL Multiple Buffer Overflow Vulnerabilities
References:
References:
- cURL Home Page (cURL)
- Curl Product Page (Haxx)
- February 2019 curl/libcurl Vulnerabilities in NetApp Products (NetApp)
- ntlm: Added support for NTLMv2 (Github)
- smtp: avoid risk of buffer overflow in strtol (Github)
- smtp: Fixed response code parsing for bad AUTH continuation responses (Github)
- USN-3882-1: curl vulnerabilities (Ubuntu)
- Advisory (ICSA-19-099-04) (ICS CERT)
- CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow (Redhat)
- CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read (Redhat)
- DSA-4386-1 curl -- security update (Debian)
- ntlm: fix *_type3_message size check to avoid buffer overflow (Github)
- NTLMv2 type-3 header stack buffer overflow (Haxx)
- Oracle Critical Patch Update Advisory - April 2019 (Oracle)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)
- Red Hat Bugzilla �?? Bug 1670254 (Red Hat Bugzilla)
- Red Hat Bugzilla �?? Bug 1670256 (Red Hat Bugzilla)
- SMTP end-of-response out-of-bounds read (Haxx)
- SSA-436177: Multiple Vulnerabilities in SINEMA Remote Connect (Siemens)