CURL-CVE-2019-5482

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2019-5482.html

Import Source

https://curl.se/docs/CURL-CVE-2019-5482.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2019-5482

Aliases

CVE-2019-5482

Published

2019-09-11T08:00:00Z

Modified

2026-05-18T13:46:02.561808Z

Summary

TFTP small blocksize heap buffer overflow

Details

libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It can call recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is controlled by the server.

This flaw is only triggered if the TFTP server sends an OACK without the BLKSIZE option, when a BLKSIZE smaller than 512 bytes was requested by the TFTP client. OACK is a TFTP extension and is not used by all TFTP servers.

Users choosing a smaller block size than default should be rare as the primary use case for changing the size is to make it larger.

It is rare for users to use TFTP across the Internet. It is most commonly used within local networks. TFTP as a protocol is always inherently insecure.

This issue was introduced by the add of the TFTP BLKSIZE option handling. It was previously incompletely fixed by an almost identical issue called CVE-2019-5436.

Database specific

{
    "last_affected": "7.65.3",
    "www": "https://curl.se/docs/CVE-2019-5482.html",
    "severity": "Medium",
    "affects": "lib",
    "issue": "https://hackerone.com/reports/684603",
    "award": {
        "amount": "250",
        "currency": "USD"
    },
    "URL": "https://curl.se/docs/CVE-2019-5482.json",
    "package": "curl",
    "CWE": {
        "desc": "Heap-based Buffer Overflow",
        "id": "CWE-122"
    }
}

References

Credits

- Thomas Vegas - FINDER
- Thomas Vegas - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.19.4

Fixed

7.66.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

0516ce7786e9500c2e447d48aa9b3f24a6ca70f9

Fixed

facb0e4662415b5f28163e853dc6742ac5fafb3d

Affected versions

7.*

7.19.4

7.19.5

7.19.6

7.19.7

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

Other

curl-7_19_4

curl-7_19_5

curl-7_19_6

curl-7_19_7

curl-7_20_0

curl-7_20_1

curl-7_21_0

curl-7_21_1

curl-7_21_2

curl-7_21_3

curl-7_21_4

curl-7_21_5

curl-7_21_6

curl-7_21_7

curl-7_22_0

curl-7_23_0

curl-7_23_1

curl-7_25_0

curl-7_26_0

curl-7_27_0

curl-7_28_0

curl-7_28_1

curl-7_29_0

curl-7_30_0

curl-7_31_0

curl-7_32_0

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

curl-7_64_0

curl-7_64_1

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

Database specific

vanir_signatures_modified

"2026-05-18T13:46:02Z"

source

"https://curl.se/docs/CURL-CVE-2019-5482.json"

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "26378795614508232198728425798857561476",
                "36290248131429009214612897836516156740",
                "195795806188894590575346491925218510319",
                "75130091097905654479372453573826574823",
                "51612926351918823360108022661523269401",
                "53038026563869827042776868612940455653",
                "276303289638484063040816382551882643051",
                "269768825080449628208388722441647108423",
                "113863790703894965560039882920351410290",
                "160228325956777711014816182671650096088",
                "25602577997115592850543801912675935360",
                "296897456537287635107549586264822128766",
                "91840096202607173895659644508862930595",
                "322218235016946393323333040120323880445",
                "162319686377876185121006640540801890000",
                "18741241614788194451129722701456894612",
                "311207729584293697568126388078527307720",
                "337369751088538427782254977612691571802"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "lib/tftp.c"
        },
        "id": "CURL-CVE-2019-5482-539096be",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d",
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 1459.0,
            "function_hash": "326312936458881610076074265734184974109"
        },
        "target": {
            "file": "lib/tftp.c",
            "function": "tftp_connect"
        },
        "id": "CURL-CVE-2019-5482-bfb8c4a5",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d",
        "signature_version": "v1"
    }
]