CURL-CVE-2019-5435

Source
https://curl.se/docs/CVE-2019-5435.html
Import Source
https://curl.se/docs/CURL-CVE-2019-5435.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2019-5435
Aliases
Published
2019-05-22T08:00:00Z
Modified
2024-01-16T03:42:47.121741Z
Summary
Integer overflows in URL parser
Details

libcurl contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow.

The flaws only exist on 32 bit architectures and require excessive string input lengths.

References
Credits
    • Wenchao Li - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.62.0
Fixed
7.65.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.62.0
7.63.0
7.64.0
7.64.1