{"id":"CURL-CVE-2019-3823","summary":"SMTP end-of-response out-of-bounds read","details":"libcurl contains a heap out-of-bounds read in the code handling the\nend-of-response for SMTP.\n\nIf the buffer passed to `smtp_endofresp()` is not null-terminated and contains\nno character ending the parsed number, and `len` is set to 5, then the\n`strtol()` call reads beyond the allocated buffer. The read content is not\nreturned to the caller.","aliases":["CVE-2019-3823"],"modified":"2026-05-21T06:00:27.362768739Z","published":"2019-02-06T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2019-3823.json","affects":"both","last_affected":"7.63.0","CWE":{"desc":"Out-of-bounds Read","id":"CWE-125"},"severity":"Low","www":"https://curl.se/docs/CVE-2019-3823.html","package":"curl"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.34.0"},{"fixed":"7.64.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"2766262a68688c1dd8143f9c4be84b46c408b70a"},{"fixed":"39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484"}]}],"versions":["7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","curl-7_63_0","curl-7_62_0","curl-7_61_1","curl-7_61_0","curl-7_60_0","curl-7_59_0","curl-7_58_0","curl-7_57_0","curl-7_56_1","curl-7_56_0","curl-7_55_1","curl-7_55_0","curl-7_54_1","curl-7_54_0","curl-7_53_1","curl-7_53_0","curl-7_52_1","curl-7_52_0","curl-7_51_0","curl-7_50_3","curl-7_50_2","curl-7_50_1","curl-7_50_0","curl-7_49_1","curl-7_49_0","curl-7_48_0","curl-7_47_1","curl-7_47_0","curl-7_46_0","curl-7_45_0","curl-7_44_0","curl-7_43_0","curl-7_42_1","curl-7_42_0","curl-7_41_0","curl-7_40_0","curl-7_39_0","curl-7_38_0","curl-7_37_1","curl-7_37_0","curl-7_36_0","curl-7_35_0","curl-7_34_0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2019-3823.json"}}],"schema_version":"1.7.5","credits":[{"name":"Brian Carpenter (Geeknik Labs)","type":"FINDER"},{"name":"Daniel Gustafsson","type":"REMEDIATION_DEVELOPER"}]}