CURL-CVE-2019-3823

Source
https://curl.se/docs/CVE-2019-3823.html
Import Source
https://curl.se/docs/CURL-CVE-2019-3823.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2019-3823
Aliases
Published
2019-02-06T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
SMTP end-of-response out-of-bounds read
Details

libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.

If the buffer passed to smtp_endofresp() is not null terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read content is not returned to the caller.

Database specific
{
    "CWE": {
        "id": "CWE-125",
        "desc": "Out-of-bounds Read"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2019-3823.json",
    "severity": "Low",
    "www": "https://curl.se/docs/CVE-2019-3823.html",
    "last_affected": "7.63.0"
}
References
Credits
    • Brian Carpenter (Geeknik Labs) - FINDER
    • Daniel Gustafsson - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.34.0
Fixed
7.64.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0