« List of all CVEs

CVE-2019-5436

Published: 5/28/2019 Last updated: 4/15/2026 Reserved: 1/4/2019

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CNA assigner: hackerone (36234546-b8fa-4601-9d6f-f4e334aa8ea1) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (3)

conf-libcurl conf-mingw-w64-curl-i686 conf-mingw-w64-curl-x86_64

Products affected (2)

Product Vendor Version
curl curl n/a
curl curl n/a

References (56)