PT-2019-2327 · Curl+2 · Libcurl+2
Published 2019-05-22 · Updated 2026-05-18
CVE-2019-5435
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
libcurl versions 7.62.0 through 7.64.1
Description
The issue is an integer overflow in the curl_url_set() function of the libcurl library. This overflow can lead to a buffer overflow, potentially allowing a remote attacker to cause a denial of service or impact the availability of protected information. The flaw is specific to 32-bit architectures and requires excessive string input lengths to be triggered.
Recommendations
For libcurl versions 7.62.0 through 7.64.1, consider updating to a version that fixes the integer overflow issue in the curl_url_set() function to prevent potential buffer overflows.
As a temporary workaround, consider restricting input lengths to the curl_url_set() function to minimize the risk of exploitation.
Exploit
Fix
Integer Overflow
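The following is an added example, not libcurl's code and not part of the original entry. It models the bug class from the Description with 32-bit arithmetic (a size computation that wraps for very long inputs) and shows a length gate of the kind the temporary workaround recommends. The function names, the 3x worst-case percent-encoding size, and the MAX_URL_INPUT cap are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap for this example; pick one that fits your application. */
#define MAX_URL_INPUT 8000000u

/* Models a 32-bit size_t: worst-case percent-encoded size (each byte
 * becomes "%XX") plus the terminating NUL, with no overflow check. */
static uint32_t encoded_size_unchecked(uint32_t len)
{
    return len * 3u + 1u; /* wraps modulo 2^32 */
}

/* Same computation, refusing any length whose result would wrap. */
static bool encoded_size_checked(uint32_t len, uint32_t *out)
{
    if (len > (UINT32_MAX - 1u) / 3u)
        return false;
    *out = len * 3u + 1u;
    return true;
}

/* Workaround gate: true only if s is NUL-terminated within the cap.
 * Call it before handing s to curl_url_set(). */
static bool url_input_ok(const char *s)
{
    if (s == NULL)
        return false;
    for (size_t i = 0; i <= MAX_URL_INPUT; i++)
        if (s[i] == '\0')
            return true;
    return false;
}

int main(void)
{
    uint32_t len = 0x55555555u; /* constructed length, about 1.33 GiB */
    uint32_t need = 0;
    printf("unchecked size: %u\n", (unsigned)encoded_size_unchecked(len));
    printf("checked accepts: %d\n", encoded_size_checked(len, &need));
    printf("gate accepts sample URL: %d\n",
           url_input_ok("https://example.com/path?q=1"));
    return 0;
}
```

The gate belongs at every point where externally supplied strings reach the URL API, so an oversized input is rejected before any size arithmetic happens on it.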
Related identifiers
Affected products
Alt Linux
Ubuntu
Libcurl