ID CVE-2019-5482
Summary Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
References
Vulnerable Configurations
  • cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.62.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.62.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.63.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.63.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.64.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.64.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.64.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.65.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.65.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.65.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.65.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.65.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.65.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.65.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.65.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:8.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-11-2021 - 19:34)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1749652
    title CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment curl is earlier than 0:7.61.1-12.el8
            oval oval:com.redhat.rhsa:tst:20201792001
          • comment curl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918012
        • AND
          • comment curl-debugsource is earlier than 0:7.61.1-12.el8
            oval oval:com.redhat.rhsa:tst:20201792003
          • comment curl-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193701004
        • AND
          • comment libcurl is earlier than 0:7.61.1-12.el8
            oval oval:com.redhat.rhsa:tst:20201792005
          • comment libcurl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918014
        • AND
          • comment libcurl-devel is earlier than 0:7.61.1-12.el8
            oval oval:com.redhat.rhsa:tst:20201792007
          • comment libcurl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918016
        • AND
          • comment libcurl-minimal is earlier than 0:7.61.1-12.el8
            oval oval:com.redhat.rhsa:tst:20201792009
          • comment libcurl-minimal is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193701010
    rhsa
    id RHSA-2020:1792
    released 2020-04-28
    severity Moderate
    title RHSA-2020:1792: curl security update (Moderate)
  • bugzilla
    id 1836773
    title POST followed by a GET with large headers on the same connection leads to a NULL dereference
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment curl is earlier than 0:7.29.0-59.el7
            oval oval:com.redhat.rhsa:tst:20203916001
          • comment curl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918012
        • AND
          • comment libcurl is earlier than 0:7.29.0-59.el7
            oval oval:com.redhat.rhsa:tst:20203916003
          • comment libcurl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918014
        • AND
          • comment libcurl-devel is earlier than 0:7.29.0-59.el7
            oval oval:com.redhat.rhsa:tst:20203916005
          • comment libcurl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918016
    rhsa
    id RHSA-2020:3916
    released 2020-09-29
    severity Moderate
    title RHSA-2020:3916: curl security update (Moderate)
rpms
  • jbcs-httpd24-apr-0:1.6.3-73.jbcs.el6
  • jbcs-httpd24-apr-0:1.6.3-73.jbcs.el7
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-73.jbcs.el6
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-73.jbcs.el7
  • jbcs-httpd24-apr-devel-0:1.6.3-73.jbcs.el6
  • jbcs-httpd24-apr-devel-0:1.6.3-73.jbcs.el7
  • jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-devel-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-devel-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-nss-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-nss-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-54.jbcs.el6
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-54.jbcs.el7
  • jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el6
  • jbcs-httpd24-brotli-0:1.0.6-9.jbcs.el7
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-9.jbcs.el6
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-9.jbcs.el7
  • jbcs-httpd24-brotli-devel-0:1.0.6-9.jbcs.el6
  • jbcs-httpd24-brotli-devel-0:1.0.6-9.jbcs.el7
  • jbcs-httpd24-curl-0:7.64.1-21.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-21.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-21.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-21.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-jansson-0:2.11-24.jbcs.el6
  • jbcs-httpd24-jansson-0:2.11-24.jbcs.el7
  • jbcs-httpd24-jansson-debuginfo-0:2.11-24.jbcs.el6
  • jbcs-httpd24-jansson-debuginfo-0:2.11-24.jbcs.el7
  • jbcs-httpd24-jansson-devel-0:2.11-24.jbcs.el6
  • jbcs-httpd24-jansson-devel-0:2.11-24.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-21.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-21.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-21.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-21.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-13.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-13.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-13.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.11.3-8.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-8.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-8.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-26.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-26.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-26.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-26.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-26.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-26.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-10.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-10.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-10.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-41.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-41.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-20.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-20.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-20.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-41.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-41.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-41.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-41.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-10.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-10.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-10.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-10.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-10.jbcs.el7
  • jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-1:1.1.1c-4.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-4.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.1.1c-4.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.1.1c-4.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.1.1c-4.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.1.1c-4.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.1.1c-4.jbcs.el7
  • curl-0:7.61.1-12.el8
  • curl-debuginfo-0:7.61.1-12.el8
  • curl-debugsource-0:7.61.1-12.el8
  • curl-minimal-debuginfo-0:7.61.1-12.el8
  • libcurl-0:7.61.1-12.el8
  • libcurl-debuginfo-0:7.61.1-12.el8
  • libcurl-devel-0:7.61.1-12.el8
  • libcurl-minimal-0:7.61.1-12.el8
  • libcurl-minimal-debuginfo-0:7.61.1-12.el8
  • curl-0:7.29.0-59.el7
  • curl-debuginfo-0:7.29.0-59.el7
  • libcurl-0:7.29.0-59.el7
  • libcurl-devel-0:7.29.0-59.el7
refmap via4
bugtraq 20200225 [SECURITY] [DSA 4633-1] curl security update
confirm
debian DSA-4633
fedora
  • FEDORA-2019-6d7f6fa2c8
  • FEDORA-2019-9e6357d82f
  • FEDORA-2019-f2a520135e
gentoo GLSA-202003-29
misc
suse
  • openSUSE-SU-2019:2149
  • openSUSE-SU-2019:2169
Last major update 03-11-2021 - 19:34
Published 16-09-2019 - 19:15
Last modified 03-11-2021 - 19:34
Back to Top