{ "threat_severity" : "Low", "public_date" : "2019-05-22T00:00:00Z", "bugzilla" : { "description" : "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", "id" : "1710620", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1710620" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-122", "details" : [ "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1." ], "statement" : "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.", "acknowledgement" : "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges l00p3r as the original reporter.", "affected_release" : [ { "product_name" : "JBoss Core Services Apache HTTP Server 2.4.29 SP2", "release_date" : "2019-06-18T00:00:00Z", "advisory" : "RHSA-2019:1543", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat Ansible Tower 3.5 for RHEL 7", "release_date" : "2020-04-22T00:00:00Z", "advisory" : "RHBA-2020:1539", "cpe" : "cpe:/a:redhat:ansible_tower:3.5::el7", "package" : "ansible-tower-35/ansible-tower:3.5.6-1" }, { "product_name" : "Red Hat Ansible Tower 3.6 for RHEL 7", "release_date" : "2020-04-22T00:00:00Z", "advisory" : "RHBA-2020:1540", "cpe" : "cpe:/a:redhat:ansible_tower:3.6::el7", "package" : "ansible-tower-36/ansible-tower:3.6.4-1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-03-31T00:00:00Z", "advisory" : "RHSA-2020:1020", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "curl-0:7.29.0-57.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2020-06-12T00:00:00Z", "advisory" : "RHSA-2020:2505", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "curl-0:7.29.0-54.el7_7.3" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-28T00:00:00Z", "advisory" : "RHSA-2020:1792", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "curl-0:7.61.1-12.el8" } ], "package_state" : [ { "product_name" : ".NET Core 1.0 on Red Hat Enterprise Linux", "fix_state" : "Not affected", "package_name" : "rh-dotnetcore10-curl", "cpe" : "cpe:/a:redhat:rhel_dotnet:1.0" }, { "product_name" : ".NET Core 1.1 on Red Hat Enterprise Linux", "fix_state" : "Not affected", "package_name" : "rh-dotnetcore11-curl", "cpe" : "cpe:/a:redhat:rhel_dotnet:1.1" }, { "product_name" : ".NET Core 2.1 on Red Hat Enterprise Linux", "fix_state" : "Not affected", "package_name" : "rh-dotnet21-curl", "cpe" : "cpe:/a:redhat:rhel_dotnet:2.1" }, { "product_name" : ".NET Core 2.2 on Red Hat Enterprise Linux", "fix_state" : "Not affected", "package_name" : "rh-dotnet22-curl", "cpe" : "cpe:/a:redhat:rhel_dotnet:2.2" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat JBoss Core Services", "fix_state" : "Affected", "package_name" : "jbcs-httpd24-curl", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat JBoss Web Server 5", "fix_state" : "Not affected", "package_name" : "curl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Fix deferred", "package_name" : "httpd24-curl", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-5436\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5436\nhttps://curl.haxx.se/docs/CVE-2019-5436.html" ], "name" : "CVE-2019-5436", "csaw" : false }