Bugzilla – Bug 1123378
VUL-1: CVE-2019-3823: curl: SMTP end-of-response out-of-bounds read
Last modified: 2019-05-16 19:05:20 UTC
CVE-2019-3823
is public now SMTP end-of-response out-of-bounds read ======================================= Project curl Security Advisory, February 6th 2019 - [Permalink](https://curl.haxx.se/docs/CVE-2019-3823.html) VULNERABILITY ------------- libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. We are not aware of any exploit of this flaw. INFO ---- This bug was introduced in October 2013 in [commit 2766262a68](https://github.com/curl/curl/commit/2766262a68). The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2019-3823 to this issue. CWE-125: Out-of-bounds Read Severity: 3.7 (Low) AFFECTED VERSIONS ----------------- - Affected versions: libcurl 7.34.0 to and including 7.63.0 - Not affected versions: libcurl < 7.34.0 libcurl is used by many applications, but not always advertised as such. THE SOLUTION ------------ A [patch for CVE-2019-3823](https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484) is available. RECOMMENDATIONS -------------- We suggest you take one of the following actions immediately, in order of preference: A - Upgrade curl to version 7.64.0 B - Apply the patch to your version and rebuild C - Turn off SMTP TIMELINE -------- The issue was reported to the curl project on January 18, 2019. A patch was communicated to the reporter on January 19, 2019. We contacted distros@openwall on January 28. curl 7.64.0 was released on February 6 2019, coordinated with the publication of this advisory. CREDITS ------- Reported by Brian Carpenter, Geeknik Labs. Patch by Daniel Gustafsson Thanks a lot! -- / daniel.haxx.se
SUSE-SU-2019:0248-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1123371,1123377,1123378 CVE References: CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): curl-mini-7.60.0-3.17.1 SUSE Linux Enterprise Module for Basesystem 15 (src): curl-7.60.0-3.17.1
Updated to 7.64.0 in Factory: https://build.opensuse.org/request/show/672083
SUSE-SU-2019:0249-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1123371,1123377,1123378 CVE References: CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: SUSE OpenStack Cloud 7 (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server 12-SP3 (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Server 12-LTSS (src): curl-7.37.0-37.34.1 SUSE Linux Enterprise Desktop 12-SP3 (src): curl-7.37.0-37.34.1 SUSE Enterprise Storage 4 (src): curl-7.37.0-37.34.1 SUSE CaaS Platform ALL (src): curl-7.37.0-37.34.1 SUSE CaaS Platform 3.0 (src): curl-7.37.0-37.34.1 OpenStack Cloud Magnum Orchestration 7 (src): curl-7.37.0-37.34.1
Submitted to SUSE:SLE-12-SP4:Update: https://build.suse.de/request/show/183785
SUSE-SU-2019:0339-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1112758,1113029,1113660,1123371,1123377,1123378 CVE References: CVE-2018-16839,CVE-2018-16840,CVE-2018-16842,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): curl-7.60.0-4.3.1 SUSE Linux Enterprise Server 12-SP4 (src): curl-7.60.0-4.3.1 SUSE Linux Enterprise Desktop 12-SP4 (src): curl-7.60.0-4.3.1
openSUSE-SU-2019:0173-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1123371,1123377,1123378 CVE References: CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: openSUSE Leap 42.3 (src): curl-7.37.0-45.1
openSUSE-SU-2019:0174-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1123371,1123377,1123378 CVE References: CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: openSUSE Leap 15.0 (src): curl-7.60.0-lp150.2.18.1, curl-mini-7.60.0-lp150.2.18.1
released
SUSE-SU-2019:0249-2: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1123371,1123377,1123378 CVE References: CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): curl-7.37.0-37.34.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.