Vulnerability details: VCID-2b39-ubrt-hkc6
Vulnerability ID VCID-2b39-ubrt-hkc6
Aliases CVE-2019-5436
Summary Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.8 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
cvssv3.1 7.8 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
epss 0.11139 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
epss 0.13273 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
epss 0.13581 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
cvssv3.1 7.8 https://curl.haxx.se/docs/CVE-2019-5436.html
ssvc Track https://curl.haxx.se/docs/CVE-2019-5436.html
cvssv3.1 Low https://curl.se/docs/CVE-2019-5436.html
cvssv3 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
cvssv3.1 7.8 https://seclists.org/bugtraq/2020/Feb/36
ssvc Track https://seclists.org/bugtraq/2020/Feb/36
archlinux High https://security.archlinux.org/AVG-959
archlinux High https://security.archlinux.org/AVG-960
archlinux High https://security.archlinux.org/AVG-961
archlinux High https://security.archlinux.org/AVG-962
archlinux High https://security.archlinux.org/AVG-963
archlinux High https://security.archlinux.org/AVG-964
cvssv3.1 7.8 https://security.gentoo.org/glsa/202003-29
ssvc Track https://security.gentoo.org/glsa/202003-29
cvssv3.1 7.8 https://security.netapp.com/advisory/ntap-20190606-0004/
ssvc Track https://security.netapp.com/advisory/ntap-20190606-0004/
cvssv3.1 7.8 https://support.f5.com/csp/article/K55133295
ssvc Track https://support.f5.com/csp/article/K55133295
cvssv3.1 7.8 https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
ssvc Track https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
cvssv3.1 7.8 https://www.debian.org/security/2020/dsa-4633
ssvc Track https://www.debian.org/security/2020/dsa-4633
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuapr2020.html
ssvc Track https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuoct2020.html
ssvc Track https://www.oracle.com/security-alerts/cpuoct2020.html
cvssv3.1 7.8 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
ssvc Track https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2019/09/11/6
ssvc Track http://www.openwall.com/lists/oss-security/2019/09/11/6
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
https://api.first.org/data/v1/epss?cve=CVE-2019-5436
https://curl.se/docs/CVE-2019-5436.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/550696
1710620 https://bugzilla.redhat.com/show_bug.cgi?id=1710620
6 http://www.openwall.com/lists/oss-security/2019/09/11/6
929351 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351
ASA-201905-11 https://security.archlinux.org/ASA-201905-11
ASA-201905-12 https://security.archlinux.org/ASA-201905-12
ASA-201905-13 https://security.archlinux.org/ASA-201905-13
ASA-201905-14 https://security.archlinux.org/ASA-201905-14
ASA-201905-15 https://security.archlinux.org/ASA-201905-15
ASA-201905-16 https://security.archlinux.org/ASA-201905-16
AVG-959 https://security.archlinux.org/AVG-959
AVG-960 https://security.archlinux.org/AVG-960
AVG-961 https://security.archlinux.org/AVG-961
AVG-962 https://security.archlinux.org/AVG-962
AVG-963 https://security.archlinux.org/AVG-963
AVG-964 https://security.archlinux.org/AVG-964
CVE-2019-5436.html https://curl.haxx.se/docs/CVE-2019-5436.html
GLSA-202003-29 https://security.gentoo.org/glsa/202003-29
K55133295 https://support.f5.com/csp/article/K55133295
K55133295?utm_source=f5support&amp%3Butm_medium=RSS https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
msg00017.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
ntap-20190606-0004 https://security.netapp.com/advisory/ntap-20190606-0004/
RHSA-2020:1020 https://access.redhat.com/errata/RHSA-2020:1020
RHSA-2020:1792 https://access.redhat.com/errata/RHSA-2020:1792
RHSA-2020:2505 https://access.redhat.com/errata/RHSA-2020:2505
SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
USN-3993-1 https://usn.ubuntu.com/3993-1/
USN-3993-2 https://usn.ubuntu.com/3993-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://curl.haxx.se/docs/CVE-2019-5436.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://curl.haxx.se/docs/CVE-2019-5436.html
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://seclists.org/bugtraq/2020/Feb/36
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://seclists.org/bugtraq/2020/Feb/36
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202003-29
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://security.gentoo.org/glsa/202003-29
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20190606-0004/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://security.netapp.com/advisory/ntap-20190606-0004/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://support.f5.com/csp/article/K55133295
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://support.f5.com/csp/article/K55133295
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2020/dsa-4633
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://www.debian.org/security/2020/dsa-4633
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://www.oracle.com/security-alerts/cpuapr2020.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2019/09/11/6
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/ Found at http://www.openwall.com/lists/oss-security/2019/09/11/6
Exploit Prediction Scoring System (EPSS)
Percentile 0.93439
EPSS Score 0.11139
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:46.908046+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202003-29 38.0.0