Home

CVE-2019-3823

Description

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isnt NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.673

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 are affected in Curl For Windows 7.63.0Windows
Vulnerabilities CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 are fixed in Curl For Windows 7.64.0Windows
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) curl_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) curl_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) curl_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) curl_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-nss_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-nss_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-nss_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-nss_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3648-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) curl_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) curl_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl4_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl4_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl3-nss_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl3-nss_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3710-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) curl_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl4_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl4_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-nss_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3765-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.61.0-1ubuntu2.3_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.61.0-1ubuntu2.3_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) curl_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl4_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl4_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl4_7.61.0-1ubuntu2.3_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl4_7.61.0-1ubuntu2.3_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.61.0-1ubuntu2.3_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.61.0-1ubuntu2.3_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-nss_7.47.0-1ubuntu2.12_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.58.0-2ubuntu3.6_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.61.0-1ubuntu2.3_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.61.0-1ubuntu2.3_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.35.0-1ubuntu2.20_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3882-1) libcurl3-gnutls_7.47.0-1ubuntu2.12_amd64.debLinux
curl security update(DSA-4386-1) curl_7.52.1-5+deb9u9_i386.debLinux
curl security update(DSA-4386-1) curl_7.52.1-5+deb9u9_amd64.debLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-debuginfo-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) curl-debugsource-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-32bit-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-debuginfo-7.37.0-37.34.1.x86_64.rpmLinux
SUSE-SU-2019:0249-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcurl4-debuginfo-32bit-7.37.0-37.34.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234