ASA-2019-00043 – curl: SMTP end-of-response out-of-bounds read


Allele Security Alert

ASA-2019-00043

Identifier(s)

ASA-2019-00043, CVE-2019-3823

Title

SMTP end-of-response out-of-bounds read

Vendor(s)

the Curl project

Product(s)

curl

Affected version(s)

libcurl 7.34.0 to and including 7.63.0

Fixed version(s)

libcurl >= 7.64.0

Proof of concept

Unknown

Description

libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.

If the buffer passed to smtp_endofresp() isn't NUL-terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.
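The following is an added illustration of the defect class described above, not code from curl or from the fix commit. It models the unsafe pattern (strtol() on a length-delimited buffer that need not be NUL-terminated) beside a bounded parser that never reads past len. The function names, the backing buffer and the SMTP reply-code shape it checks for (three ASCII digits followed by ' ' or '-') are assumptions for this example; the extra digits placed after the first three stand in for whatever memory happens to follow a real buffer, so the demo shows the over-read without invoking undefined behaviour.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Unsafe pattern: strtol() stops only at a non-digit or a NUL byte, so it
 * ignores len entirely. When the buffer is not NUL-terminated and holds no
 * terminating character, the scan continues into memory the caller never
 * handed over. Hypothetical illustration, not curl's own function. */
static bool parse_code_with_strtol(const char *line, size_t len, int *code)
{
    (void)len;                        /* the defect: len is never consulted */
    char *end = NULL;
    long v = strtol(line, &end, 10);  /* walks until a non-digit, wherever it is */
    if (end == line)
        return false;
    *code = (int)v;
    return true;
}

/* Bounded form: consume at most len bytes, require exactly three ASCII
 * digits, and when a fourth byte exists require it to be the reply
 * separator ' ' or '-'. line[len] is never touched. */
static bool parse_code_bounded(const char *line, size_t len, int *code)
{
    if (len < 3)
        return false;
    int v = 0;
    for (size_t i = 0; i < 3; i++) {
        if (!isdigit((unsigned char)line[i]))
            return false;
        v = v * 10 + (line[i] - '0');
    }
    if (len > 3 && line[3] != ' ' && line[3] != '-')
        return false;
    *code = v;
    return true;
}

/* Constructed sample: the caller only "owns" the first 3 bytes, which are
 * all digits with no terminator. The trailing 9999 plays the role of
 * adjacent memory (kept inside this array so the demo stays well-defined). */
static char backing[] = "2509999";

/* strtol-based parse over the 3-byte window: reports 2509999 (over-read). */
static int strtol_code_from_backing(void)
{
    int code = -1;
    parse_code_with_strtol(backing, 3, &code);
    return code;
}

/* Bounded parse over the same window: reports 250, or -1 on rejection. */
static int bounded_code(const char *line, size_t len)
{
    int code = -1;
    return parse_code_bounded(line, len, &code) ? code : -1;
}

int main(void)
{
    printf("strtol over 3 bytes : %d\n", strtol_code_from_backing());
    printf("bounded over 3 bytes: %d\n", bounded_code(backing, 3));
    printf("bounded \"250 OK\"    : %d\n", bounded_code("250 OK", 6));
    printf("bounded \"25x-\"      : %d\n", bounded_code("25x-", 4));
    return 0;
}
```

The point for reviewers of any length-delimited protocol parser is the same as in this advisory: C library functions that take a pointer and no length (strtol, atoi, strlen, sscanf) assume a NUL terminator the network buffer may not provide, so the parse must be driven by len rather than by the contents of the bytes.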

Technical details

Unknown

Credits

Brian Carpenter (Geeknik Labs)

Reference(s)

SMTP end-of-response out-of-bounds read
https://curl.haxx.se/docs/CVE-2019-3823.html

smtp: Fixed response code parsing for bad AUTH continuation responses
https://github.com/curl/curl/commit/2766262a68

[SECURITY ADVISORY] curl: SMTP end-of-response out-of-bounds read
https://seclists.org/oss-sec/2019/q1/111

CVE-2019-3823 – Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2019-3823

CVE-2019-3823 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3823.html

CVE-2019-3823
https://security-tracker.debian.org/tracker/CVE-2019-3823

USN-3882-1: curl vulnerabilities | Ubuntu security notices
https://usn.ubuntu.com/3882-1/

CVE-2019-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823

CVE-2019-3823
https://nvd.nist.gov/vuln/detail/CVE-2019-3823

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 9, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.