Curl: Vulnerabilities fixed in version 7.64.0
Submitted on 7. February 2019 - 16:28 by rischi. Last update on 7. February 2019 - 18:45.
IDs:
CVE-2019-3822, CVE-2019-3823, CVE-2018-16890
Keywords:
curl, ntlm, smtp
Description:
Curl released version 7.64.0 fixing three vulnerabilities [1].
No action required for Airlock WAF
Details:
CVE-2018-16890/CVE-2019-3822: Stack-based buffer overflow and heap out-of-bounds read in the NTLM code. Airlock WAF is not affected if back-end NTLM is disabled. Even when back-end NTLM is used, the risk for Airlock WAF is negligible, as a successful attack requires a compromised back-end system (or a reflected attack, which Airlock WAF prevents by default). Further, the curl team is not aware of any exploit of this flaw.
CVE-2019-3823: Heap out-of-bounds read in the SMTP code. The curl library used by Airlock WAF is compiled without SMTP support.
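
One way to check any other curl build against the two conditions above (an added example, not part of the original advisory or of Airlock's tooling): it parses `curl --version` output and reports whether the build predates 7.64.0 and contains the NTLM or SMTP code. The sample output and the function names are constructed for illustration; a build that reports NTLM is only reachable through that code when NTLM authentication is actually in use.

```python
import re

FIXED = (7, 64, 0)  # first fixed release, per the advisory above

# Constructed sample of `curl --version` output (not taken from a real host).
SAMPLE = """\
curl 7.63.0 (x86_64-pc-linux-gnu) libcurl/7.63.0 OpenSSL/1.1.1a zlib/1.2.11
Release-Date: 2018-12-12
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
"""

def parse_version_output(text):
    """Return (libcurl version tuple, protocols set, features set)."""
    m = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no libcurl/x.y.z token found")
    version = tuple(int(p) for p in m.groups())
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = set(value.split())
    return version, fields.get("protocols", set()), fields.get("features", set())

def affected_code_present(text):
    """Map each CVE group from the advisory to True if the build carries it."""
    version, protocols, features = parse_version_output(text)
    unpatched = version < FIXED
    return {
        # NTLM appears in the Features line only when it is compiled in.
        "CVE-2018-16890/CVE-2019-3822 (NTLM)": unpatched and "NTLM" in features,
        # SMTP appears in the Protocols line only when it is compiled in.
        "CVE-2019-3823 (SMTP)": unpatched and bool({"smtp", "smtps"} & protocols),
    }

if __name__ == "__main__":
    for name, present in affected_code_present(SAMPLE).items():
        print(f"{name}: {'present' if present else 'not present'}")
```

To check a real host, pass the captured output of `curl --version` to `affected_code_present` instead of `SAMPLE`.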