CURL-CVE-2019-3823
- Source
- https://curl.se/docs/CVE-2019-3823.html
- Import Source
- https://curl.se/docs/CURL-CVE-2019-3823.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2019-3823
- Aliases
- Published
- 2019-02-06T08:00:00Z
- Modified
- 2024-06-07T13:53:51Z
- Summary
- SMTP end-of-response out-of-bounds read
- Details
-
libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.
If the buffer passed to
smtp_endofresp()is not null terminated and contains no character ending the parsed number, andlenis set to 5, then thestrtol()call reads beyond the allocated buffer. The read content is not returned to the caller. - References
-
- Credits
-
-
- Brian Carpenter (Geeknik Labs) - FINDER
-
- Daniel Gustafsson - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.34.0Fixed7.64.0
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0