PT-2019-2327 · Curl+2 · Libcurl+2
Published 2019-05-22 · Updated 2026-05-18
CVE-2019-5435
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
libcurl versions 7.62.0 through 7.64.1
Description
The issue is related to an integer overflow in the curl_url_set() function of the libcurl library. This overflow can lead to a buffer overflow, potentially allowing a remote attacker to cause a denial of service or impact the availability of protected information. The flaws are specific to 32-bit architectures and require excessive string input lengths to be triggered.
Recommendations
For libcurl versions 7.62.0 through 7.64.1, consider updating to a version that fixes the integer overflow issue in the curl_url_set() function to prevent potential buffer overflows.
As a temporary workaround, consider restricting input lengths to the curl_url_set() function to minimize the risk of exploitation.
Integer Overflow
Affected Products
Alt Linux
Ubuntu
Libcurl