Integer Overflow Vulnerability in curl's URL API Affecting libcurl
CVE-2019-5435

3.7LOW

Key Information:

Vendor: Curl
Status: Curl
Vendor: CVE Published:; 28 May 2019

What is CVE-2019-5435?

An integer overflow vulnerability in the URL API of curl can lead to a buffer overflow in libcurl, affecting versions from 7.62.0 through 7.64.1. This issue could potentially allow attackers to execute arbitrary code or cause a denial-of-service condition by crafting malicious URLs. Users and administrators are advised to review impacted versions and update to mitigate potential risks.

Affected Version(s)

curl Fixed in 7.65.0

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://security.gentoo.org/glsa/202003-29

vendor-advisoryx_refsource_GENTOO

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2019
Vulnerability Reserved
Jan 4, 2019

Curl

What is CVE-2019-5435?

Affected Version(s)

References

CVSS V3.1

Timeline