SB2019020630 - Fedora 29 update for curl 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019020630

SB2019020630 - Fedora 29 update for curl

Published: February 6, 2019 Updated: April 24, 2025

Security Bulletin ID SB2019020630
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Heap out-of-bounds read (CVE-ID: CVE-2019-3823)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.

The vulnerability exists due to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. A remote attacker can trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..


2) Stack-based buffer overflow (CVE-ID: CVE-2019-3822)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function creates an outgoing NTLM type-3 header and generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can send very large ‘nt response’ output data, that has been extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, trigger stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Heap out-of-bounds read (CVE-ID: CVE-2018-16890)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.

The vulnerability exists due to a integer overflow in the function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly. A remote attacker on malicious or broken NTLM server can trick the victim into accepting a bad length + offset combination, trigger heap out-of-bounds read error and read contents of memory on the system or cause the service to crash..


Remediation

Install update from vendor's website.

References