CVE-2019-5436

Published: 22 May 2019

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
Upstream
Released (7.65.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (7.58.0-2ubuntu3.7)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (7.47.0-1ubuntu2.13)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (7.35.0-1ubuntu2.20+esm2)