ID

VAR-201905-0095


CVE

CVE-2019-5436


TITLE

libcurl Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004875

DESCRIPTION

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. curl/libcURL is prone a heap-based buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. libcurl versions 7.19.4 through 7.64.1 are vulnerable. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. (CVE-2019-5436) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1 Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13 In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64 3. This only affects the oldstable distribution (stretch). CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. For the oldstable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u10. For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u1. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5 eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7 KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30 KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b -----END PGP SIGNATURE----- . Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2020:1020-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1020 Issue date: 2020-03-31 CVE Names: CVE-2019-5436 ===================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice 1769307 - curl fails while attempting to POST a char device 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: curl-7.29.0-57.el7.src.rpm x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: curl-7.29.0-57.el7.src.rpm x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: curl-7.29.0-57.el7.src.rpm ppc64: curl-7.29.0-57.el7.ppc64.rpm curl-debuginfo-7.29.0-57.el7.ppc.rpm curl-debuginfo-7.29.0-57.el7.ppc64.rpm libcurl-7.29.0-57.el7.ppc.rpm libcurl-7.29.0-57.el7.ppc64.rpm libcurl-devel-7.29.0-57.el7.ppc.rpm libcurl-devel-7.29.0-57.el7.ppc64.rpm ppc64le: curl-7.29.0-57.el7.ppc64le.rpm curl-debuginfo-7.29.0-57.el7.ppc64le.rpm libcurl-7.29.0-57.el7.ppc64le.rpm libcurl-devel-7.29.0-57.el7.ppc64le.rpm s390x: curl-7.29.0-57.el7.s390x.rpm curl-debuginfo-7.29.0-57.el7.s390.rpm curl-debuginfo-7.29.0-57.el7.s390x.rpm libcurl-7.29.0-57.el7.s390.rpm libcurl-7.29.0-57.el7.s390x.rpm libcurl-devel-7.29.0-57.el7.s390.rpm libcurl-devel-7.29.0-57.el7.s390x.rpm x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: curl-7.29.0-57.el7.src.rpm x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z qwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr u+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP MvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q 9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r JcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+ hJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T N0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc bgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/ cBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7 0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ M95S58Xnb8U= =UHVC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Additional Changes: This update also fixes several bugs and adds various enhancements. This advisory contains the following OpenShift Virtualization 2.4.0 images: RHEL-7-CNV-2.4 ============== kubevirt-ssp-operator-container-v2.4.0-71 RHEL-8-CNV-2.4 ============== virt-cdi-controller-container-v2.4.0-29 virt-cdi-uploadproxy-container-v2.4.0-29 hostpath-provisioner-container-v2.4.0-25 virt-cdi-operator-container-v2.4.0-29 kubevirt-metrics-collector-container-v2.4.0-18 cnv-containernetworking-plugins-container-v2.4.0-36 kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18 hostpath-provisioner-operator-container-v2.4.0-31 virt-cdi-uploadserver-container-v2.4.0-29 virt-cdi-apiserver-container-v2.4.0-29 virt-controller-container-v2.4.0-58 virt-cdi-cloner-container-v2.4.0-29 kubevirt-template-validator-container-v2.4.0-21 vm-import-operator-container-v2.4.0-21 kubernetes-nmstate-handler-container-v2.4.0-37 node-maintenance-operator-container-v2.4.0-27 virt-operator-container-v2.4.0-58 kubevirt-v2v-conversion-container-v2.4.0-23 cnv-must-gather-container-v2.4.0-73 virtio-win-container-v2.4.0-15 kubevirt-cpu-node-labeller-container-v2.4.0-19 ovs-cni-plugin-container-v2.4.0-37 kubevirt-vmware-container-v2.4.0-21 hyperconverged-cluster-operator-container-v2.4.0-70 virt-handler-container-v2.4.0-58 virt-cdi-importer-container-v2.4.0-29 virt-launcher-container-v2.4.0-58 kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17 virt-api-container-v2.4.0-58 ovs-cni-marker-container-v2.4.0-38 kubemacpool-container-v2.4.0-39 cluster-network-addons-operator-container-v2.4.0-38 bridge-marker-container-v2.4.0-39 vm-import-controller-container-v2.4.0-21 hco-bundle-registry-container-v2.3.0-497 3. Bugs fixed (https://bugzilla.redhat.com/): 1684772 - virt-launcher images do not have the edk2-ovmf package installed 1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency 1724978 - [RFE][v2v] Improve the way we display progress percent in UI 1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc 1727117 - [RFE] Reduce installed libvirt components 1780473 - Delete VM is hanging if the corresponding template does not exist anymore 1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue. 1789564 - Failed to allocate a SRIOV VF to VMI 1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent 1796342 - VM Failing to start since hard disk not ready 1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue) 1805044 - No mem/filesystem/Network Utilization in VM overview 1806288 - [CDI] fails to import images that comes from url that reject HEAD requests 1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version 1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable 1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state) 1816518 - [SSP] Common templates - template name under objects -> metadata -> labels should be identical to the template actual name 1817080 - node maintenance CRD is marked with NonStructuralSchema condition 1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object 1820651 - CDI import fails using block volume (available size -1) 1821209 - Debug log message looks unprofessional 1822079 - nmstate-handler fails to start and keeps restarting 1822315 - status.desiredState: doesn't pick the correct value and is null 1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace 1823699 - [CNV-2.4] Failing to deploy NetworkAddons 1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components 1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator 1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator 1827257 - VMs' connectivity is available even the two VMs are in different vlan 1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided 1829376 - VMs with blank block volumes fail to spin up 1830780 - virt-v2v-wrapper - 0% VM migration progress in UI 1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC 1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have 'RUNNING' state in cli 1832283 - [SSP operator] Common templates and template_validator are missing after clean installation 1832291 - SSP installation is successful even with some components missing 1832769 - [kubevirt version] is not reported correctly 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7 1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster 1834253 - VMs are stuck in Starting state 1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4 1835426 - [RFE] Provide a clear error message when VM and VMI name does not match 1836792 - [CNV deployment] kubevirt components are missing 1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours 1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model 1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs 1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up 1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults 1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory 1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest 1840652 - Upgrade indication is missing 1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation 1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter 1841505 - [CNV-2.4] virt-template-validator container fails to start 1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels 1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template 1843219 - node-labeller SCC is privileged, which appears too relaxed 1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined 1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled 1843519 - HCO CR is not listed when running "kubectl get all" from command line 1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed 1844057 - [CNV-2.4] cluster-network-addons-operator failing to start 1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator 1844907 - kubemacpool deployment status errors regarding replicas 1845060 - Node-labeller is in pending state when node doesn't have kvm device 1845061 - Version displayed in Container Native Virtualization OperatorHub side panel 1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created 1845557 - [CNV-2.4] template validator webhook fails with certification issues 1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting. 1845899 - [CNV-2.5] cluster-network-addons-operator failing to start 1845901 - Filesystem corruption related to smart clone 1847070 - vmi cannot be scheduled , qemu-kvm core dump 1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations 1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable 1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable 1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files 1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass 1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image. 1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping 1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller 1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod. 1850937 - kubemacpool fails in a specific order of components startup 1851856 - Deployment not progressing due to PriorityClass missing 1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV 1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible 1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment 1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable 1853373 - virtctl image-upload fails to upload an image if the dv name includes a "." 1854419 - [Re-brand] Align CSV 1854744 - To stabilize some tests I need to backport PRs which change production code 1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather 1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated. 1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY 1856979 - Domain notify errors break VMI migrations and graceful shutdown 5

Trust: 2.7

sources: NVD: CVE-2019-5436 // JVNDB: JVNDB-2019-004875 // BID: 108435 // VULHUB: VHN-156871 // VULMON: CVE-2019-5436 // PACKETSTORM: 153010 // PACKETSTORM: 153003 // PACKETSTORM: 158035 // PACKETSTORM: 156523 // PACKETSTORM: 159727 // PACKETSTORM: 156986 // PACKETSTORM: 158637

AFFECTED PRODUCTS

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:42.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:5.7.28

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.17

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:haxxmodel:libcurlscope:lteversion:7.64.1

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0

Trust: 1.0

vendor:f5model:traffix signaling delivery controllerscope:lteversion:5.1.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.27

Trust: 1.0

vendor:oraclemodel:oss support toolsscope:eqversion:20.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.19.4

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:f5model:traffix signaling delivery controllerscope:gteversion:5.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.4 to 7.64.1

Trust: 0.8

vendor:ubuntumodel:linuxscope:eqversion:19.04

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:18.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:18.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux esmscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux esmscope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:8

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.64.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.64

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.63

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.62

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.61.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.61

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.60

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.59

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.58

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.57

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.56.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.56

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.55.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.54.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.54

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.53.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.53

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.52

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.51

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.50.3

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.50.2

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.50.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.50

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.47

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.46

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.43

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.42.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.36

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.34

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.33

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.32

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.31

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.30

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.25

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.23

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.22

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.20

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.19.6

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.19.5

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.19.4

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.55.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.52.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.49.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.48.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.42.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.41.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.40.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.39

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.38.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.37.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.37.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.35.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.29.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.28.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.28.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.27.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.26.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.24.0

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.23.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.7

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.6

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.5

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.4

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.3

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.2

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.21.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.20.1

Trust: 0.3

vendor:haxxmodel:libcurlscope:eqversion:7.19.7

Trust: 0.3

vendor:haxxmodel:libcurlscope:neversion:7.65

Trust: 0.3

sources: BID: 108435 // JVNDB: JVNDB-2019-004875 // NVD: CVE-2019-5436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5436
value: HIGH

Trust: 1.0

NVD: CVE-2019-5436
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-933
value: HIGH

Trust: 0.6

VULHUB: VHN-156871
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5436
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5436
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-156871
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5436
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5436
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-156871 // VULMON: CVE-2019-5436 // JVNDB: JVNDB-2019-004875 // CNNVD: CNNVD-201905-933 // NVD: CVE-2019-5436

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-156871 // JVNDB: JVNDB-2019-004875 // NVD: CVE-2019-5436

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-933

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-933

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004875

PATCH

title:TFTP receive buffer overflowurl:https://curl.haxx.se/docs/CVE-2019-5436.html

Trust: 0.8

title:Haxx libcurl Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92898

Trust: 0.6

title:Red Hat: Low: curl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202505 - Security Advisory

Trust: 0.1

title:Red Hat: Low: curl security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201020 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: curl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201792 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: curl vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3993-2

Trust: 0.1

title:Ubuntu Security Notice: curl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3993-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: curl: CVE-2019-5436: TFTP receive buffer overflowurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=af8cb489ed21fcca996e119afe1e5163

Trust: 0.1

title:Debian CVElist Bug Report Logs: curl: CVE-2019-5435: Integer overflows in curl_url_seturl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=fae65389c96796d30251ace6eb631de7

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-16] curl: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-16

Trust: 0.1

title:Debian Security Advisories: DSA-4633-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=13ee33e4932409d819a833a7d96f2574

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-12] libcurl-gnutls: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-12

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-11] libcurl-compat: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-11

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1233url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1233

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-5436

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1233url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1233

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-15] lib32-curl: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-15

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-14] lib32-libcurl-compat: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-14

Trust: 0.1

title:Arch Linux Advisories: [ASA-201905-13] lib32-libcurl-gnutls: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201905-13

Trust: 0.1

title:Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203194 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:cveurl:https://github.com/michwqy/cve

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-5436 // JVNDB: JVNDB-2019-004875 // CNNVD: CNNVD-201905-933

EXTERNAL IDS

db:NVDid:CVE-2019-5436

Trust: 3.6

db:OPENWALLid:OSS-SECURITY/2019/09/11/6

Trust: 1.8

db:BIDid:108435

Trust: 1.1

db:PACKETSTORMid:158035

Trust: 0.8

db:PACKETSTORMid:156523

Trust: 0.8

db:JVNDBid:JVNDB-2019-004875

Trust: 0.8

db:CNNVDid:CNNVD-201905-933

Trust: 0.7

db:PACKETSTORMid:157425

Trust: 0.7

db:PACKETSTORMid:153003

Trust: 0.7

db:AUSCERTid:ESB-2019.1874

Trust: 0.6

db:AUSCERTid:ESB-2020.2033

Trust: 0.6

db:AUSCERTid:ESB-2020.0651

Trust: 0.6

db:AUSCERTid:ESB-2020.1494

Trust: 0.6

db:AUSCERTid:ESB-2020.1177

Trust: 0.6

db:AUSCERTid:ESB-2019.1837

Trust: 0.6

db:AUSCERTid:ESB-2019.4380

Trust: 0.6

db:AUSCERTid:ESB-2019.4780

Trust: 0.6

db:AUSCERTid:ESB-2020.3700

Trust: 0.6

db:AUSCERTid:ESB-2020.2593

Trust: 0.6

db:PACKETSTORMid:153051

Trust: 0.6

db:PACKETSTORMid:156753

Trust: 0.6

db:PACKETSTORMid:156986

Trust: 0.2

db:PACKETSTORMid:153010

Trust: 0.2

db:VULHUBid:VHN-156871

Trust: 0.1

db:VULMONid:CVE-2019-5436

Trust: 0.1

db:PACKETSTORMid:159727

Trust: 0.1

db:PACKETSTORMid:158637

Trust: 0.1

sources: VULHUB: VHN-156871 // VULMON: CVE-2019-5436 // BID: 108435 // JVNDB: JVNDB-2019-004875 // PACKETSTORM: 153010 // PACKETSTORM: 153003 // PACKETSTORM: 158035 // PACKETSTORM: 156523 // PACKETSTORM: 159727 // PACKETSTORM: 156986 // PACKETSTORM: 158637 // CNNVD: CNNVD-201905-933 // NVD: CVE-2019-5436

REFERENCES

url:https://curl.haxx.se/docs/cve-2019-5436.html

Trust: 2.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5436

Trust: 1.9

url:https://seclists.org/bugtraq/2020/feb/36

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190606-0004/

Trust: 1.8

url:https://support.f5.com/csp/article/k55133295

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4633

Trust: 1.8

url:https://security.gentoo.org/glsa/202003-29

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2019/09/11/6

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html

Trust: 1.8

url:http://www.securityfocus.com/bid/108435

Trust: 1.3

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/

Trust: 1.1

url:https://support.f5.com/csp/article/k55133295?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.1

url:http://curl.haxx.se/

Trust: 0.9

url:https://seclists.org/oss-sec/2019/q2/124

Trust: 0.9

url:https://usn.ubuntu.com/3993-1

Trust: 0.9

url:https://usn.ubuntu.com/3993-2

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5436

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-5436

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-5436cve-2019-5436curl:tftpreceiveheapbufferoverflowintftp_receive_packet()function

Trust: 0.6

url:https://support.f5.com/csp/article/k55133295?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1108041

Trust: 0.6

url:https://usn.ubuntu.com/3993-1/

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2019/05/msg00036.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3700/

Trust: 0.6

url:https://packetstormsecurity.com/files/156523/debian-security-advisory-4633-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143490

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2593/

Trust: 0.6

url:https://packetstormsecurity.com/files/153003/ubuntu-security-notice-usn-3993-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2033/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1874/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0651/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4780/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-multiple-vulnerabilities-29382

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4380/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1837/

Trust: 0.6

url:https://packetstormsecurity.com/files/153051/slackware-security-advisory-curl-updates.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157425/red-hat-security-advisory-2020-1792-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1494/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1177/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/

Trust: 0.6

url:https://packetstormsecurity.com/files/156753/gentoo-linux-security-advisory-202003-29.html

Trust: 0.6

url:https://packetstormsecurity.com/files/158035/red-hat-security-advisory-2020-2505-01.html

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:cve-2019-5436 curl: tftp receive heap buffer overflow in tftp_receive_packet() function

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:2505

Trust: 0.2

url:https://usn.ubuntu.com/usn/usn-3993-1

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1549

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-9251

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17451

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20060

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19519

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20060

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13752

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11324

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1010204

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11324

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11236

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5481

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12447

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12049

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19519

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13753

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12447

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3844

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1010180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-18074

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20337

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19923

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8457

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15847

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11236

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19924

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010204

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1563

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16056

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20337

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-18074

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19959

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3843

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010180

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-9251

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11008

Trust: 0.2

url:https://support.f5.com/csp/article/k55133295?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=60232

Trust: 0.1

url:https://usn.ubuntu.com/3993-2/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3993-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5435

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8768

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8611

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8203

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11070

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8607

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8536

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8671

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8544

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8571

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8677

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8619

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4298

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7598

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8523

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6237

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6706

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13822

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8689

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12245

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8726

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8610

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16890

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10739

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11110

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8597

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10754

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7263

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1549

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16056

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7263

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10757

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10768

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14316

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12653

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12654

Trust: 0.1

sources: VULHUB: VHN-156871 // VULMON: CVE-2019-5436 // BID: 108435 // JVNDB: JVNDB-2019-004875 // PACKETSTORM: 153010 // PACKETSTORM: 153003 // PACKETSTORM: 158035 // PACKETSTORM: 156523 // PACKETSTORM: 159727 // PACKETSTORM: 156986 // PACKETSTORM: 158637 // CNNVD: CNNVD-201905-933 // NVD: CVE-2019-5436

CREDITS

Ubuntu,Debian,Red Hat,Slackware Security Team,l00p3r.,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201905-933

SOURCES

db:VULHUBid:VHN-156871
db:VULMONid:CVE-2019-5436
db:BIDid:108435
db:JVNDBid:JVNDB-2019-004875
db:PACKETSTORMid:153010
db:PACKETSTORMid:153003
db:PACKETSTORMid:158035
db:PACKETSTORMid:156523
db:PACKETSTORMid:159727
db:PACKETSTORMid:156986
db:PACKETSTORMid:158637
db:CNNVDid:CNNVD-201905-933
db:NVDid:CVE-2019-5436

LAST UPDATE DATE

2024-12-20T21:58:17.358000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-156871date:2020-10-20T00:00:00
db:VULMONid:CVE-2019-5436date:2023-11-07T00:00:00
db:BIDid:108435date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2019-004875date:2019-06-11T00:00:00
db:CNNVDid:CNNVD-201905-933date:2021-03-18T00:00:00
db:NVDid:CVE-2019-5436date:2024-11-21T04:44:55.937

SOURCES RELEASE DATE

db:VULHUBid:VHN-156871date:2019-05-28T00:00:00
db:VULMONid:CVE-2019-5436date:2019-05-28T00:00:00
db:BIDid:108435date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2019-004875date:2019-06-11T00:00:00
db:PACKETSTORMid:153010date:2019-05-22T23:23:23
db:PACKETSTORMid:153003date:2019-05-22T14:39:56
db:PACKETSTORMid:158035date:2020-06-11T16:34:00
db:PACKETSTORMid:156523date:2020-02-25T15:20:44
db:PACKETSTORMid:159727date:2020-10-27T16:59:02
db:PACKETSTORMid:156986date:2020-03-31T19:42:22
db:PACKETSTORMid:158637date:2020-07-29T00:06:36
db:CNNVDid:CNNVD-201905-933date:2019-05-22T00:00:00
db:NVDid:CVE-2019-5436date:2019-05-28T19:29:06.127