{"id":"CVE-2019-5481","details":"Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.","aliases":["CURL-CVE-2019-5481"],"modified":"2026-04-16T00:06:25.967728336Z","published":"2019-09-16T19:15:10.587Z","related":["SUSE-SU-2019:2373-1","SUSE-SU-2019:2381-1","openSUSE-SU-2019:2149-1","openSUSE-SU-2019:2169-1","openSUSE-SU-2024:10582-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"3.4"}],"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"4.0"}],"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"4.2"}],"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"4.3"}],"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.3.3"}],"cpe":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.4.0"}],"cpe":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"20.0"}],"cpe":"cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"10.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"29"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"30"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"31"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"15.0"}],"cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"15.1"}],"cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"},{"type":"ADVISORY","url":"https://curl.haxx.se/docs/CVE-2019-5481.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2020/Feb/36"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-29"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20191004-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4633"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"95c717bbd9c327c38b4efcc37d5cda29b8ee2a36"},{"last_affected":"aa73eb47bc8583070734696b25b34ad54c2c1f5e"}],"database_specific":{"extracted_events":[{"introduced":"7.52.0"},{"last_affected":"7.65.3"}],"cpe":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["curl-7_52_0","curl-7_52_1","curl-7_53_0","curl-7_53_1","curl-7_54_0","curl-7_54_1","curl-7_55_0","curl-7_55_1","curl-7_56_0","curl-7_56_1","curl-7_57_0","curl-7_58_0","curl-7_59_0","curl-7_60_0","curl-7_61_0","curl-7_61_1","curl-7_62_0","curl-7_63_0","curl-7_64_0","curl-7_64_1","curl-7_65_0","curl-7_65_1","curl-7_65_2","curl-7_65_3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5481.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"4a4838059fd109428eb90df27c4682b9d206cbb0"},{"last_affected":"824e2b4064053f7daf17d7f3f84b7a3ed92e5fb4"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"},{"last_affected":"b2f3214ae2b4a250d3b8a7b7a61037f89b5dc9b1"},{"last_affected":"527c12ed611f3fe072c3043734319edb2c733099"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"91a17cedb1ee880fe7915fb14cfd74c04e8d6588"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.1"},{"last_affected":"8.3"},{"last_affected":"8.4"},{"introduced":"5.7.0"},{"last_affected":"5.7.28"},{"last_affected":"9.0"},{"introduced":"8.0.0"},{"last_affected":"8.0.18"}],"cpe":["cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-4.1.0","mysql-5.1.4","mysql-5.7.28","mysql-8.0.18","mysql-8.3.0","mysql-8.4.0","mysql-9.0.0","mysql-9.0.0-release","mysql-cluster-8.0.18","mysql-cluster-8.3.0","mysql-cluster-8.4.0","mysql-cluster-9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}