Heap Buffer Overflow in libcurl Affects Multiple Versions
CVE-2019-5436

7.8 HIGH

Key Information:

Vendor: Curl

Status
Vendor
CVE Published: 28 May 2019

What is CVE-2019-5436?

A vulnerability in libcurl's TFTP receiving code can lead to a heap buffer overflow, allowing attackers to execute arbitrary code or cause a denial-of-service (DoS) condition. This affects multiple versions of libcurl, making it critical for users to update to secure versions to mitigate potential exploits.

Affected Version(s)

curl: fixed in 7.65.0

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
