Vulnerability details: VCID-uqcv-edu5-b3ft
Vulnerability ID VCID-uqcv-edu5-b3ft
Aliases CVE-2019-5436
Summary A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (2)
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
epss 0.0303 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
epss 0.29542 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
epss 0.29542 https://api.first.org/data/v1/epss?cve=CVE-2019-5436
cvssv3.1 Low https://curl.se/docs/CVE-2019-5436.html
cvssv3 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-5436
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5436
archlinux High https://security.archlinux.org/AVG-959
archlinux High https://security.archlinux.org/AVG-960
archlinux High https://security.archlinux.org/AVG-961
archlinux High https://security.archlinux.org/AVG-962
archlinux High https://security.archlinux.org/AVG-963
archlinux High https://security.archlinux.org/AVG-964
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
https://api.first.org/data/v1/epss?cve=CVE-2019-5436
https://curl.haxx.se/docs/CVE-2019-5436.html
https://curl.se/docs/CVE-2019-5436.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/550696
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
https://seclists.org/bugtraq/2020/Feb/36
https://security.gentoo.org/glsa/202003-29
https://security.netapp.com/advisory/ntap-20190606-0004/
https://support.f5.com/csp/article/K55133295
https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS
https://www.debian.org/security/2020/dsa-4633
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://www.openwall.com/lists/oss-security/2019/09/11/6
1710620 https://bugzilla.redhat.com/show_bug.cgi?id=1710620
929351 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351
ASA-201905-11 https://security.archlinux.org/ASA-201905-11
ASA-201905-12 https://security.archlinux.org/ASA-201905-12
ASA-201905-13 https://security.archlinux.org/ASA-201905-13
ASA-201905-14 https://security.archlinux.org/ASA-201905-14
ASA-201905-15 https://security.archlinux.org/ASA-201905-15
ASA-201905-16 https://security.archlinux.org/ASA-201905-16
AVG-959 https://security.archlinux.org/AVG-959
AVG-960 https://security.archlinux.org/AVG-960
AVG-961 https://security.archlinux.org/AVG-961
AVG-962 https://security.archlinux.org/AVG-962
AVG-963 https://security.archlinux.org/AVG-963
AVG-964 https://security.archlinux.org/AVG-964
cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
CVE-2019-5436 https://nvd.nist.gov/vuln/detail/CVE-2019-5436
RHSA-2020:1020 https://access.redhat.com/errata/RHSA-2020:1020
RHSA-2020:1792 https://access.redhat.com/errata/RHSA-2020:1792
RHSA-2020:2505 https://access.redhat.com/errata/RHSA-2020:2505
USN-3993-1 https://usn.ubuntu.com/3993-1/
USN-3993-2 https://usn.ubuntu.com/3993-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-5436
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-5436
Exploit Prediction Scoring System (EPSS)
Percentile 0.86211
EPSS Score 0.0303
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:41.853024+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.16/main.json 37.0.0