CVE-2019-5481 - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2019-5481

Summary

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

References

Vulnerable Configurations

cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.62.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.62.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.63.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.63.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.64.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.64.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.64.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.64.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.65.3:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-03-2023 - 18:41)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

rpms

jbcs-httpd24-apr-0:1.6.3-73.jbcs.el6
jbcs-httpd24-apr-0:1.6.3-73.jbcs.el7
jbcs-httpd24-apr-debuginfo-0:1.6.3-73.jbcs.el6
jbcs-httpd24-apr-debuginfo-0:1.6.3-73.jbcs.el7
jbcs-httpd24-apr-devel-0:1.6.3-73.jbcs.el6
jbcs-httpd24-apr-devel-0:1.6.3-73.jbcs.el7
jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-debuginfo-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-debuginfo-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-devel-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-devel-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-ldap-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-ldap-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-mysql-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-mysql-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-nss-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-nss-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-odbc-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-odbc-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-openssl-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-openssl-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-pgsql-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-pgsql-0:1.6.1-54.jbcs.el7
jbcs-httpd24-apr-util-sqlite-0:1.6.1-54.jbcs.el6
jbcs-httpd24-apr-util-sqlite-0:1.6.1-54.jbcs.el7
jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el6
jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el7
jbcs-httpd24-brotli-debuginfo-0:1.0.6-9.jbcs.el6
jbcs-httpd24-brotli-debuginfo-0:1.0.6-9.jbcs.el7
jbcs-httpd24-brotli-devel-0:1.0.6-9.jbcs.el6
jbcs-httpd24-brotli-devel-0:1.0.6-9.jbcs.el7
jbcs-httpd24-curl-0:7.64.1-21.jbcs.el6
jbcs-httpd24-curl-0:7.64.1-21.jbcs.el7
jbcs-httpd24-curl-debuginfo-0:7.64.1-21.jbcs.el6
jbcs-httpd24-curl-debuginfo-0:7.64.1-21.jbcs.el7
jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.37-41.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.37-41.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.37-41.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.37-41.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.37-41.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.37-41.jbcs.el7
jbcs-httpd24-jansson-0:2.11-24.jbcs.el6
jbcs-httpd24-jansson-0:2.11-24.jbcs.el7
jbcs-httpd24-jansson-debuginfo-0:2.11-24.jbcs.el6
jbcs-httpd24-jansson-debuginfo-0:2.11-24.jbcs.el7
jbcs-httpd24-jansson-devel-0:2.11-24.jbcs.el6
jbcs-httpd24-jansson-devel-0:2.11-24.jbcs.el7
jbcs-httpd24-libcurl-0:7.64.1-21.jbcs.el6
jbcs-httpd24-libcurl-0:7.64.1-21.jbcs.el7
jbcs-httpd24-libcurl-devel-0:7.64.1-21.jbcs.el6
jbcs-httpd24-libcurl-devel-0:7.64.1-21.jbcs.el7
jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-13.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-13.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el6
jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el7
jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-8.jbcs.el6
jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-8.jbcs.el7
jbcs-httpd24-mod_jk-ap24-0:1.2.46-26.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-ap24-0:1.2.46-26.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-26.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-26.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-manual-0:1.2.46-26.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-manual-0:1.2.46-26.redhat_1.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.37-41.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.37-41.jbcs.el7
jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el6
jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el7
jbcs-httpd24-mod_md-debuginfo-1:2.0.8-10.jbcs.el6
jbcs-httpd24-mod_md-debuginfo-1:2.0.8-10.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.37-41.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.37-41.jbcs.el7
jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el6
jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el7
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-20.GA.jbcs.el6
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-20.GA.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.37-41.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.37-41.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.37-41.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.37-41.jbcs.el7
jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el6
jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el7
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-10.jbcs.el6
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-10.jbcs.el7
jbcs-httpd24-nghttp2-devel-0:1.39.2-10.jbcs.el6
jbcs-httpd24-nghttp2-devel-0:1.39.2-10.jbcs.el7
jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el7
jbcs-httpd24-openssl-debuginfo-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-debuginfo-1:1.1.1c-4.jbcs.el7
jbcs-httpd24-openssl-devel-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-devel-1:1.1.1c-4.jbcs.el7
jbcs-httpd24-openssl-libs-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-libs-1:1.1.1c-4.jbcs.el7
jbcs-httpd24-openssl-perl-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-perl-1:1.1.1c-4.jbcs.el7
jbcs-httpd24-openssl-static-1:1.1.1c-4.jbcs.el6
jbcs-httpd24-openssl-static-1:1.1.1c-4.jbcs.el7
curl-0:7.61.1-12.el8
curl-debuginfo-0:7.61.1-12.el8
curl-debugsource-0:7.61.1-12.el8
curl-minimal-debuginfo-0:7.61.1-12.el8
libcurl-0:7.61.1-12.el8
libcurl-debuginfo-0:7.61.1-12.el8
libcurl-devel-0:7.61.1-12.el8
libcurl-minimal-0:7.61.1-12.el8
libcurl-minimal-debuginfo-0:7.61.1-12.el8

refmap via4

bugtraq	20200225 [SECURITY] [DSA 4633-1] curl security update
confirm	https://curl.haxx.se/docs/CVE-2019-5481.html https://security.netapp.com/advisory/ntap-20191004-0003/
debian	DSA-4633
fedora	FEDORA-2019-6d7f6fa2c8 FEDORA-2019-9e6357d82f FEDORA-2019-f2a520135e
gentoo	GLSA-202003-29
misc	https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpuoct2020.html
suse	openSUSE-SU-2019:2149 openSUSE-SU-2019:2169

Last major update

29-03-2023 - 18:41

Published

16-09-2019 - 19:15

Last modified

29-03-2023 - 18:41