CVE-2019-5482

Published Sep 16, 2019
Last updated a year ago
CVSS critical 9.8
Overview

Description: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Source: support@hackerone.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-787
support@hackerone.com: CWE-122
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC006E25-E2CF-452B-8E00-573895681653",
            "versionEndIncluding": "7.65.3",
            "versionStartIncluding": "7.19.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84",
            "versionStartIncluding": "7.3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37C50706-4EB7-4AC0-BFE2-B3929F79B5D7",
            "versionStartIncluding": "9.5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF30C76E-7E58-4D76-89A8-53405685DA86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"
          },
          {
            "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"
          },
          {
            "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9CB98F-4BF8-4A51-A949-BD951435AE9F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0AEAAA9-4B92-4FC6-BFBA-FE930C309ACE",
            "versionEndIncluding": "5.7.28",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CCFEDAE-B9B9-4B59-8DB4-FC0A0704B8D4",
            "versionEndIncluding": "8.0.18",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8252A7F5-2FB5-4E73-864D-D11F21F5EC56"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
