CVE-2019-5482 (NVD)

2019-09-16

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Products: Debian_linux, Fedora, Curl, Cloud_backup, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Http_server, Hyperion_essbase, Mysql_server, Oss_support_tools
Type: Out-of-bounds Write (CWE-787)
First patch: None (likely due to unavailable code)
Links:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.debian.org/security/2020/dsa-4633
https://security.gentoo.org/glsa/202003-29