Home > Vulnerability Database > CVE-2019-3822

Mend.io Vulnerability Database

CVE-2019-3822

Good to know:

Date: February 6, 2019

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Language: Python

Severity Score

7.5

Related Resources (22)

Url: https://access.redhat.com/errata/RHSA-2019:3701

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-3822

Url: http://www.securityfocus.com/bid/106950

Url: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Url: https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E

Url: https://security-tracker.debian.org/tracker/CVE-2019-3822

Url: https://security.gentoo.org/glsa/201903-03

Url: https://usn.ubuntu.com/3882-1/

Url: https://security.netapp.com/advisory/ntap-20190719-0004/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822

Url: https://curl.haxx.se/docs/CVE-2019-3822.html

Url: https://access.redhat.com/security/cve/CVE-2019-3822

Url: https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS

Url: https://www.debian.org/security/2019/dsa-4386

Url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Url: https://security.alpinelinux.org/vuln/CVE-2019-3822

Url: https://support.f5.com/csp/article/K84141449

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3822

Url: https://security.netapp.com/advisory/ntap-20190315-0001/

Url: https://www.mend.io/vulnerability-database/CVE-2019-3822

Url: https://www.mend.io/resources/blog/top-5-open-source-security-vulnerabilities-february-2019

Severity Score

7.5

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version curl-7_64_0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-3822

Good to know:

Date: February 6, 2019

Language: Python

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?