Allele Security Alert
ASA-2019-00043
Identifier(s)
ASA-2019-00043, CVE-2019-3823
Title
SMTP end-of-response out-of-bounds read
Vendor(s)
the Curl project
Product(s)
curl
Affected version(s)
libcurl 7.34.0 to and including 7.63.0
Fixed version(s)
libcurl >= 7.64.0
Proof of concept
Unknown
Description
libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.
If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.
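The failure mode above comes from using a NUL-terminated string routine (strtol()) on a buffer that is only bounded by an explicit length. The following is an added illustration, not code from the curl project: it parses the SMTP reply-code prefix ("NNN " or "NNN-") while touching only the first len bytes, so a 5-byte, unterminated, all-digit buffer of the kind the advisory describes is rejected rather than over-read. The function names smtp_parse_code and parse_unterminated, and the sample buffers, are constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern, shown for contrast and never called here: strtol() stops at
 * the first non-digit or NUL, so on a buffer that is neither NUL-terminated
 * nor contains a separator it keeps scanning past line[len-1]. The 'len'
 * argument is never consulted, which is exactly the advisory's bug shape. */
long unsafe_parse_code(const char *line, size_t len)
{
    (void)len;                      /* length ignored: the root problem */
    return strtol(line, NULL, 10);  /* may read beyond the allocation */
}

/* Bounded parser for an SMTP reply-code prefix: three digits followed by
 * ' ' (final line) or '-' (continuation line), as in RFC 5321.
 * Only line[0..len-1] is ever read; no NUL terminator is assumed.
 * Returns true and stores the code when a complete prefix is present. */
static bool smtp_parse_code(const char *line, size_t len, int *code)
{
    /* A complete prefix needs the 3 digits plus the separator byte. */
    if (len < 4)
        return false;
    for (size_t i = 0; i < 3; i++) {
        if (!isdigit((unsigned char)line[i]))
            return false;
    }
    /* The 4th byte must terminate the number; anything else is malformed. */
    if (line[3] != ' ' && line[3] != '-')
        return false;
    *code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    return true;
}

/* Copies 'text' into a heap buffer of exactly 'len' bytes with no NUL
 * (the input shape described in the advisory) and parses it with the
 * bounded routine. Returns the reply code, or -1 if none is present. */
static int parse_unterminated(const char *text, size_t len)
{
    char *buf = malloc(len);        /* deliberately no room for a terminator */
    if (!buf)
        return -1;
    memcpy(buf, text, len);
    int code = -1;
    if (!smtp_parse_code(buf, len, &code))
        code = -1;
    free(buf);
    return code;
}

int main(void)
{
    /* Constructed inputs: a normal final reply, a bare continuation prefix,
     * and the five-digit unterminated case from the advisory. */
    printf("%d\n", parse_unterminated("250 OK", 6));  /* 250 */
    printf("%d\n", parse_unterminated("334 ", 4));    /* 334 */
    printf("%d\n", parse_unterminated("12345", 5));   /* -1: no separator in len */
    return 0;
}
```

Running the program under AddressSanitizer or Valgrind is the practical check: the bounded parser reports no out-of-bounds access on the 5-byte buffer, whereas the strtol() pattern would.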
Technical details
Unknown
Credits
Brian Carpenter (Geeknik Labs)
Reference(s)
SMTP end-of-response out-of-bounds read
https://curl.haxx.se/docs/CVE-2019-3823.html
smtp: Fixed response code parsing for bad AUTH continuation responses
https://github.com/curl/curl/commit/2766262a68
[SECURITY ADVISORY] curl: SMTP end-of-response out-of-bounds read
https://seclists.org/oss-sec/2019/q1/111
CVE-2019-3823 – Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2019-3823
CVE-2019-3823 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3823.html
CVE-2019-3823
https://security-tracker.debian.org/tracker/CVE-2019-3823
USN-3882-1: curl vulnerabilities | Ubuntu security notices
https://usn.ubuntu.com/3882-1/
CVE-2019-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
CVE-2019-3823
https://nvd.nist.gov/vuln/detail/CVE-2019-3823
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 9, 2019