#VU17458 Heap out-of-bounds read in libcurl


Published: 2019-02-11

Vulnerability identifier: #VU17458

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3823

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libcurl
Universal components / Libraries / Libraries used by multiple products

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.

The vulnerability exists due to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. A remote attacker can trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..

Mitigation
Update to version 7.64.0.

Vulnerable software versions

libcurl: 7.30.0 - 7.63.0

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
http://curl.haxx.se/docs/CVE-2019-3823.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Isilon OneFS
Multiple vulnerabilities in Dell EMC Unity Family
Out-of-bounds Read in Siemens SCALANCE and SIMATIC NET CM 1542-1
Red Hat update for curl
Gentoo update for cURL
OpenSUSE Linux update for curl
OpenSUSE Linux update for curl
Arch Linux update for curl
Arch Linux update for libcurl-gnutls
Arch Linux update for lib32-libcurl-gnutls