CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2019-3823 – curl: SMTP end-of-response out-of-bounds read
https://notcve.org/view.php?id=CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl, desde la versión 7.34.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites en el código que maneja el final de la respuesta para SMTP. Si el búfer que se pasa a "smtp_endofresp()" no termina en NUL, no contiene caracteres que terminen el número analizado y "len" se establece como 5, la llamada "strtol()" lee más allá del búfer asignado. Los contenidos de la lectura no se devolverán al llamante. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823 https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf https://curl.haxx.se/docs/CVE-2019-3823.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://usn.ubuntu • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites. La función que gestiona los mensajes entrantes NTLM de tipo 2 ("lib/vauth/ntlm.c:ntlm_decode_type2_target") no valida los datos entrantes correctamente y está sujeta a una vulnerabilidad de desbordamiento de enteros. • https://github.com/michelleamesquita/CVE-2018-16890 http://www.securityfocus.com/bid/106947 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-16890.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.netapp.com/advisory/ntap-20190315-0001 https://sup • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18607
https://notcve.org/view.php?id=CVE-2018-18607
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema en elf_link_input_bfd en elflink.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay una desreferencia de puntero NULL en elf_link_input_bfd al emplearse para encontrar símbolos STT_TLS sin ninguna sección TLS. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23805 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=102def4da826b3d9e169741421e5e67e8731909a https://usn.ubuntu.com/4336-1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18606
https://notcve.org/view.php?id=CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema en la función merge_strings en merge.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay una desreferencia de puntero NULL en _bfd_add_merge_section al intentar fusionar secciones con grandes alineaciones. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23806 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc https://usn.ubuntu.com/4336-1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18605
https://notcve.org/view.php?id=CVE-2018-18605
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema de sobrelectura de búfer basada en memoria dinámica (heap) en la función sec_merge_hash_lookup en merge.c en la biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal y como se distribuye en GNU Binutils 2.31. Esto se debe a que _bfd_add_merge_section gestiona de manera incorrecta las fusiones de sección cuando el tamaño no es un múltiplo de entsize. Un ELF especialmente manipulado permite que atacantes remotos provoquen una denegación de servicio (DoS), tal y como queda demostrado con Id. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23804 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 https://usn.ubuntu.com/4336-1 • CWE-125: Out-of-bounds Read •