1. CVE-Search
  2. CVE-2019-3822
ID CVE-2019-3822
Summary libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
References
Vulnerable Configurations
  • cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.42:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.55.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.55.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.55.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.55.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:libcurl:7.57.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.57.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.58.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.58.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.59.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.59.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.61.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.61.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.61.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.61.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.62.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.62.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.63.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:libcurl:7.63.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinema_remote_connect_client:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinema_remote_connect_client:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinema_remote_connect_client:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinema_remote_connect_client:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinema_remote_connect_client:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinema_remote_connect_client:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:5.7.28:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-06-2021 - 16:45)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2019:3701
rpms
  • curl-0:7.61.1-11.el8
  • curl-debuginfo-0:7.61.1-11.el8
  • curl-debugsource-0:7.61.1-11.el8
  • curl-minimal-debuginfo-0:7.61.1-11.el8
  • libcurl-0:7.61.1-11.el8
  • libcurl-debuginfo-0:7.61.1-11.el8
  • libcurl-devel-0:7.61.1-11.el8
  • libcurl-minimal-0:7.61.1-11.el8
  • libcurl-minimal-debuginfo-0:7.61.1-11.el8
refmap via4
bid 106950
confirm
debian DSA-4386
gentoo GLSA-201903-03
misc
mlist [infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.
ubuntu USN-3882-1
Last major update 15-06-2021 - 16:45
Published 06-02-2019 - 20:29
Last modified 15-06-2021 - 16:45
Back to Top