QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3823

Published: Feb 6, 2019

Modified: Apr 15, 2026

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

Vendor	Product	Versions
The curl Project	curl	affected `7.64.0`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_DEBIAN

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823

x_refsource_CONFIRM

https://curl.haxx.se/docs/CVE-2019-3823.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190315-0001/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

x_refsource_MISC

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.