CVSS: 7.8EPSS: 29%CPEs: 16EXPL: 1CVE-2019-5436 – curl: TFTP receive heap buffer overflow in tftp_receive_packet() function
https://notcve.org/view.php?id=CVE-2019-5436
22 May 2019 — A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Un desbordamiento de búfer en la memoria dinámica (heap) del código de recepción TFTP, permite la ejecución de código arbitrario o una Denegación de Servicio (DoS) en las versiones de libcurl 7.19.4 hasta 7.64.1. Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting i... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 33%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the loca... • http://www.securityfocus.com/bid/106950 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •