CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-3822

CVSS 9.8v3.1pub. 2019-02-06upd. 2024-11-21

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    14.0416.0418.0418.10
  • Debian

    OS
    Debian
    9.0
  • Haxx Libcurl

    APP
    Haxx
    7.36.0 – 7.64.0 (bez)
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    ≥ 7.3≥ 9.5
  • Netapp Clustered Data Ontap

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Oracle Communications Operations Monitor

    APP
    Oracle
    3.44.0
  • Oracle Enterprise Manager Ops Center

    APP
    Oracle
    12.3.312.4.0
  • Oracle HTTP Server

    APP
    Oracle
    12.2.1.3.0
  • Oracle MySQL Server

    APP
    Oracle
    5.7.27 – 8.0.15≤ 5.7.26
  • Oracle Secure Global Desktop

    APP
    Oracle
    5.4
  • Oracle Services Tools Bundle

    APP
    Oracle
    19.2
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Siemens Sinema Remote Connect Client

    APP
    Siemens
    ≤ 2.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki