CURL-CVE-2019-3823

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2019-3823.html

Import Source

https://curl.se/docs/CURL-CVE-2019-3823.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2019-3823

Aliases

CVE-2019-3823

Published

2019-02-06T08:00:00Z

Modified

2026-05-19T09:30:06.024338944Z

Summary

SMTP end-of-response out-of-bounds read

Details

libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.

If the buffer passed to smtp_endofresp() is not null-terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read content is not returned to the caller.

Database specific

{
    "last_affected": "7.63.0",
    "affects": "both",
    "www": "https://curl.se/docs/CVE-2019-3823.html",
    "severity": "Low",
    "URL": "https://curl.se/docs/CVE-2019-3823.json",
    "CWE": {
        "desc": "Out-of-bounds Read",
        "id": "CWE-125"
    },
    "package": "curl"
}

References

Credits

- Brian Carpenter (Geeknik Labs) - FINDER
- Daniel Gustafsson - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.34.0

Fixed

7.64.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

2766262a68688c1dd8143f9c4be84b46c408b70a

Fixed

39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484

Affected versions

7.*

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

Other

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

Database specific

source

"https://curl.se/docs/CURL-CVE-2019-3823.json"