CVE-2019-3823

libcurl versions from 7.34.0 up to, but not including, 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents are not returned to the caller, so the impact is limited to a crash rather than information disclosure; the fix shipped in 7.64.0.
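The following C program is an added illustration of the bug class described above; it is not curl's source and the function names `vuln_endofresp()` and `safe_endofresp()` are invented for this page. The first function models the pre-7.64.0 logic the advisory describes: three digits are checked, and if the fourth byte is a space or `len` is exactly 5, the code is pulled out with `strtol()` straight from a buffer that is not NUL terminated. The second parses the same reply without ever touching a byte at or beyond `len`. The input `backing` is constructed so that the over-read lands on bytes we control, which makes it deterministic and observable instead of undefined.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable pattern, modelled on the pre-7.64.0 smtp_endofresp() logic
   described above (an illustration, not curl's code). `line` is a window of
   `len` bytes that is NOT NUL-terminated. strtol() cannot see where the
   window ends, so with len == 5 and five digit bytes it keeps consuming
   whatever follows in memory. Returns 1 when it believes a final status
   line was seen and stores the parsed code in *resp. */
static int vuln_endofresp(const char *line, size_t len, int *resp)
{
    if (len < 4 || !isdigit((unsigned char)line[0]) ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
        return 0;
    if (line[3] == ' ' || len == 5) {
        *resp = (int)strtol(line, NULL, 10);  /* may read past `len` */
        return 1;
    }
    return 0;
}

/* Hardened parser: every byte touched sits at an index below `len`.
   RFC 5321 replies are three digits followed by SP (final line), '-'
   (continuation) or the end of the line. Returns 1 and sets *resp only
   for a final status line; continuations and malformed input return 0. */
static int safe_endofresp(const char *line, size_t len, int *resp)
{
    int code = 0;
    size_t i;

    if (len < 3)
        return 0;
    for (i = 0; i < 3; i++) {
        if (!isdigit((unsigned char)line[i]))
            return 0;
        code = code * 10 + (line[i] - '0');
    }
    if (len == 3) {            /* bare code, nothing after it in the window */
        *resp = code;
        return 1;
    }
    switch (line[3]) {
    case ' ':
    case '\r':
    case '\n':
        *resp = code;
        return 1;
    case '-':                  /* multi-line reply, not the end yet */
        return 0;
    default:                   /* e.g. a fourth digit: not a status line */
        return 0;
    }
}

int main(void)
{
    /* Constructed input: a 5-byte window at the start of a larger buffer
       with more digits behind it. On a real heap the bytes past the window
       are whatever happens to be there; embedding them here keeps the
       over-read inside a valid object so it can be observed safely. */
    static const char backing[] = "25012345\r\n";
    int v = -1, s = -1;

    printf("vulnerable: found=%d code=%d\n", vuln_endofresp(backing, 5, &v), v);
    printf("hardened:   found=%d code=%d\n", safe_endofresp(backing, 5, &s), s);
    return 0;
}
```

Run with AddressSanitizer (`-fsanitize=address`) and a window allocated with exactly five bytes instead of the oversized `backing` array, and the vulnerable function reports a heap-buffer-overflow read while the hardened one stays silent. The upstream fix in 7.64.0 took a different but equivalent route, copying the known number of bytes into a small NUL-terminated stack buffer before calling `strtol()`; either way the invariant is the same: no `str*`/`strtol`-family function should ever be handed a buffer whose end it cannot see.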

Published : 2019-02-06 20:29 Updated : 2019-07-23 23:15

CVSS Score: 5.0 / 10
Vendor Product Version URI
Haxx Libcurl 7.34.0 cpe:/a:haxx:libcurl:7.34.0
Haxx Libcurl 7.35.0 cpe:/a:haxx:libcurl:7.35.0
Haxx Libcurl 7.36.0 cpe:/a:haxx:libcurl:7.36.0
Haxx Libcurl 7.37.0 cpe:/a:haxx:libcurl:7.37.0
Haxx Libcurl 7.37.1 cpe:/a:haxx:libcurl:7.37.1
Haxx Libcurl 7.38.0 cpe:/a:haxx:libcurl:7.38.0
Haxx Libcurl 7.39 cpe:/a:haxx:libcurl:7.39
Haxx Libcurl 7.39.0 cpe:/a:haxx:libcurl:7.39.0
Haxx Libcurl 7.40.0 cpe:/a:haxx:libcurl:7.40.0
Haxx Libcurl 7.41.0 cpe:/a:haxx:libcurl:7.41.0
Haxx Libcurl 7.42 cpe:/a:haxx:libcurl:7.42
Haxx Libcurl 7.42.0 cpe:/a:haxx:libcurl:7.42.0
Haxx Libcurl 7.42.1 cpe:/a:haxx:libcurl:7.42.1
Haxx Libcurl 7.43.0 cpe:/a:haxx:libcurl:7.43.0
Haxx Libcurl 7.44.0 cpe:/a:haxx:libcurl:7.44.0
Haxx Libcurl 7.45.0 cpe:/a:haxx:libcurl:7.45.0
Haxx Libcurl 7.46.0 cpe:/a:haxx:libcurl:7.46.0
Haxx Libcurl 7.47.0 cpe:/a:haxx:libcurl:7.47.0
Haxx Libcurl 7.47.1 cpe:/a:haxx:libcurl:7.47.1
Haxx Libcurl 7.48.0 cpe:/a:haxx:libcurl:7.48.0
Haxx Libcurl 7.49.0 cpe:/a:haxx:libcurl:7.49.0
Haxx Libcurl 7.49.1 cpe:/a:haxx:libcurl:7.49.1
Haxx Libcurl 7.50.0 cpe:/a:haxx:libcurl:7.50.0
Haxx Libcurl 7.50.1 cpe:/a:haxx:libcurl:7.50.1
Haxx Libcurl 7.50.2 cpe:/a:haxx:libcurl:7.50.2
Haxx Libcurl 7.50.3 cpe:/a:haxx:libcurl:7.50.3
Haxx Libcurl 7.51.0 cpe:/a:haxx:libcurl:7.51.0
Haxx Libcurl 7.52.0 cpe:/a:haxx:libcurl:7.52.0
Haxx Libcurl 7.52.1 cpe:/a:haxx:libcurl:7.52.1
Haxx Libcurl 7.53.0 cpe:/a:haxx:libcurl:7.53.0
Haxx Libcurl 7.53.1 cpe:/a:haxx:libcurl:7.53.1
Haxx Libcurl 7.54.0 cpe:/a:haxx:libcurl:7.54.0
Haxx Libcurl 7.54.1 cpe:/a:haxx:libcurl:7.54.1
Haxx Libcurl 7.55.0 cpe:/a:haxx:libcurl:7.55.0
Haxx Libcurl 7.55.1 cpe:/a:haxx:libcurl:7.55.1
Haxx Libcurl 7.56.0 cpe:/a:haxx:libcurl:7.56.0
Haxx Libcurl 7.56.1 cpe:/a:haxx:libcurl:7.56.1
Haxx Libcurl 7.57.0 cpe:/a:haxx:libcurl:7.57.0
Haxx Libcurl 7.58.0 cpe:/a:haxx:libcurl:7.58.0
Haxx Libcurl 7.59.0 cpe:/a:haxx:libcurl:7.59.0
Haxx Libcurl 7.60.0 cpe:/a:haxx:libcurl:7.60.0
Haxx Libcurl 7.61.0 cpe:/a:haxx:libcurl:7.61.0
Haxx Libcurl 7.61.1 cpe:/a:haxx:libcurl:7.61.1
Haxx Libcurl 7.62.0 cpe:/a:haxx:libcurl:7.62.0
Haxx Libcurl 7.63.0 cpe:/a:haxx:libcurl:7.63.0
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical Ubuntu Linux 18.10 cpe:/o:canonical:ubuntu_linux:18.10
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Oracle Communications Operations Monitor 3.4 cpe:/a:oracle:communications_operations_monitor:3.4
Oracle Communications Operations Monitor 4.0 cpe:/a:oracle:communications_operations_monitor:4.0
Oracle Http Server 12.2.1.3.0 cpe:/a:oracle:http_server:12.2.1.3.0
Oracle Secure Global Desktop 5.4 cpe:/a:oracle:secure_global_desktop:5.4
Netapp Clustered Data Ontap cpe:/o:netapp:clustered_data_ontap

CWE

ID Name Description Links
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. CVE

History of changes

Date Event
2019-07-23 23:15
2019-04-26 15:52
2019-04-23 19:32
2019-03-18 19:24
2019-03-15 10:29
2019-03-13 16:16
2019-03-11 11:29
2019-02-27 18:52
2019-02-09 11:29
2019-02-08 16:00
2019-02-07 11:29
2019-02-06 20:29 New CVE