Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.704386 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 4386-1 (curl - security update) |
Summary: | Multiple vulnerabilities were discovered in cURL, an URL transfer library.;;CVE-2018-16890;Wenxiang Qian of Tencent Blade Team discovered that the function;handling incoming NTLM type-2 messages does not validate incoming;data correctly and is subject to an integer overflow vulnerability,;which could lead to an out-of-bounds buffer read.;;CVE-2019-3822;Wenxiang Qian of Tencent Blade Team discovered that the function;creating an outgoing NTLM type-3 header is subject to an integer;overflow vulnerability, which could lead to an out-of-bounds write.;;CVE-2019-3823;Brian Carpenter of Geeknik Labs discovered that the code handling;the end-of-response for SMTP is subject to an out-of-bounds heap;read. |
Description: | Summary: Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could lead to an out-of-bounds buffer read. CVE-2019-3822 Wenxiang Qian of Tencent Blade Team discovered that the function creating an outgoing NTLM type-3 header is subject to an integer overflow vulnerability, which could lead to an out-of-bounds write. CVE-2019-3823 Brian Carpenter of Geeknik Labs discovered that the code handling the end-of-response for SMTP is subject to an out-of-bounds heap read. Affected Software/OS: curl on Debian Linux Solution: For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9. We recommend that you upgrade your curl packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-3822 BugTraq ID: 106950 http://www.securityfocus.com/bid/106950 Debian Security Information: DSA-4386 (Google Search) https://www.debian.org/security/2019/dsa-4386 https://security.gentoo.org/glsa/201903-03 https://curl.haxx.se/docs/CVE-2019-3822.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E RedHat Security Advisories: RHSA-2019:3701 https://access.redhat.com/errata/RHSA-2019:3701 https://usn.ubuntu.com/3882-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |