CURL-CVE-2019-5481
- Source
- https://curl.se/docs/CVE-2019-5481.html
- Import Source
- https://curl.se/docs/CURL-CVE-2019-5481.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2019-5481
- Aliases
- Published
- 2019-09-11T08:00:00Z
- Modified
- 2024-06-07T13:53:51Z
- Summary
- FTP-KRB double free
- Details
-
libcurl can be told to use kerberos over FTP to a server, as set with the
CURLOPT_KRBLEVELoption.During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following.
A malicious or just broken server can claim to send a very large block and if by doing that it makes curl's subsequent call to
realloc()to fail, curl would then misbehave in the exit path and double free the memory.In practical terms, an up to 4 GB memory area may very well be fine to allocate on a modern 64 bit system but on 32 bit systems it fails.
Kerberos FTP is a rarely used protocol with curl. Also, Kerberos authentication is usually only attempted and used with servers that the client has a previous association with.
- References
-
- Credits
-
-
- Thomas Vegas - FINDER
-
- Daniel Stenberg - REMEDIATION_DEVELOPER
-