CVE-2019-5436

High

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

hackerone·CWE-122·Published 2019-05-28

CVSS

7.8

EPSS

0.50

KEV

Exploits

cve.orgen

135 chars

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

NVDen

135 chars

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

NVDes

212 chars

Un desbordamiento de búfer en la memoria dinámica (heap) del código de recepción TFTP, permite la ejecución de código arbitrario o una Denegación de Servicio (DoS) en las versiones de libcurl 7.19.4 hasta 7.64.1.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H