[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

libcurl - (bulletinjan2019)

ID: oval:org.secpod.oval:def:2103499Date: (C)2019-12-31   (M)2022-10-10
Class: PATCHFamily: unix




libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn"t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

Platform:
Sun Solaris 11
Product:
web/curl
Reference:
bulletinjan2019
CVE-2019-3823
CVE-2018-16890
CVE-2019-3822
CVE    3
CVE-2018-16890
CVE-2019-3823
CVE-2019-3822
CPE    1
cpe:/o:oracle:solaris:11

© SecPod Technologies