You are here

Home › Curl: Vulnerability fixed in Version 7.65.0

Curl: Vulnerability fixed in Version 7.65.0

Submitted on 23. May 2019 - 11:50 by rischi.
Last update on 23. May 2019 - 11:55.
IDs: 
CVE-2019-5435, CVE-2019-5436
Keywords: 
curl, TFTP
Description: 

Curl released version 7.65.0 fixing two vulnerabilities [1].

No action required for Airlock WAF

Details:

  • CVE-2019-5435 - Integer overflow in the function curl_url_set(). The vulnerability affects 32-bit builds of curl. Airlock WAF runs on a 64-bit system.
  • CVE-2019-5436 - Heap buffer overflow in the function tftp_receive_packet(). tftp is disabled in the curl library used by Airlock WAF.
Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
[1] curl security problems
© Ergon Informatik AG