CURL-CVE-2019-5435

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2019-5435.html
Import Source
https://curl.se/docs/CURL-CVE-2019-5435.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2019-5435
Aliases
Published
2019-05-22T08:00:00Z
Modified
2024-01-25T02:42:48.739029Z
Summary
Integer overflows in URL parser
Details

libcurl contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow.

The flaws only exist on 32 bit architectures and require excessive string input lengths.

References
Credits
    • Wenchao Li - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.62.0
Fixed
7.65.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
fb30ac5a2d63773c529c19259754e2b306ac2e2e
Fixed
5fc28510a4664f46459d9a40187d81cc08571e60

Affected versions

7.*

7.62.0
7.63.0
7.64.0
7.64.1