{"id":"CVE-2019-5482","details":"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.","aliases":["CURL-CVE-2019-5482"],"modified":"2026-05-18T05:49:36.927180076Z","published":"2019-09-16T19:15:10.633Z","related":["SUSE-SU-2019:14172-1","SUSE-SU-2019:2339-2","SUSE-SU-2019:2373-1","SUSE-SU-2019:2381-1","openSUSE-SU-2019:2149-1","openSUSE-SU-2019:2169-1","openSUSE-SU-2024:10582-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"29"},{"last_affected":"30"},{"last_affected":"31"}],"vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"introduced":"7.3"},{"introduced":"9.5"}],"vendor_product":"netapp:oncommand_unified_manager","cpes":["cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"},{"last_affected":"15.1"}],"vendor_product":"opensuse:leap","cpes":["cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"3.4"},{"last_affected":"4.0"},{"last_affected":"4.1"},{"last_affected":"4.2"},{"last_affected":"4.3"}],"vendor_product":"oracle:communications_operations_monitor","cpes":["cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.3"},{"last_affected":"8.4"}],"vendor_product":"oracle:communications_session_border_controller","cpes":["cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.3.3"},{"last_affected":"12.4.0"}],"vendor_product":"oracle:enterprise_manager_ops_center","cpes":["cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.2.1.3.0"},{"last_affected":"12.2.1.4.0"}],"vendor_product":"oracle:http_server","cpes":["cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.1.2.4"}],"vendor_product":"oracle:hyperion_essbase","cpes":["cpe:2.3:a:oracle:hyperion_essbase:11.1.2.4:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"20.0"}],"vendor_product":"oracle:oss_support_tools","cpes":["cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"},{"type":"ADVISORY","url":"https://curl.haxx.se/docs/CVE-2019-5482.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2020/Feb/36"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-29"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20191004-0003/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200416-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4633"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"042cc1f69ec0878f542667cb684378869f859911"},{"last_affected":"aa73eb47bc8583070734696b25b34ad54c2c1f5e"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"7.19.4"},{"last_affected":"7.65.3"}],"cpe":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"}}],"versions":["curl-7_65_3","curl-7_65_2","curl-7_65_1","curl-7_65_0","curl-7_64_1","curl-7_64_0","curl-7_63_0","curl-7_62_0","curl-7_61_1","curl-7_61_0","curl-7_60_0","curl-7_59_0","curl-7_58_0","curl-7_57_0","curl-7_56_1","curl-7_56_0","curl-7_55_1","curl-7_55_0","curl-7_54_1","curl-7_54_0","curl-7_53_1","curl-7_53_0","curl-7_52_1","curl-7_52_0","curl-7_51_0","curl-7_50_3","curl-7_50_2","curl-7_50_1","curl-7_50_0","curl-7_49_1","curl-7_49_0","curl-7_48_0","curl-7_47_1","curl-7_47_0","curl-7_46_0","curl-7_45_0","curl-7_44_0","curl-7_43_0","curl-7_42_0","curl-7_41_0","curl-7_40_0","curl-7_39_0","curl-7_38_0","curl-7_37_1","curl-7_37_0","curl-7_36_0","curl-7_35_0","curl-7_34_0","curl-7_33_0","curl-7_32_0","curl-7_31_0","curl-7_30_0","curl-7_29_0","curl-7_28_1","curl-7_28_0","curl-7_27_0","curl-7_26_0","curl-7_25_0","curl-7_23_1","curl-7_23_0","curl-7_22_0","curl-7_21_7","curl-7_21_6","curl-7_21_5","curl-7_21_4","curl-7_21_3","curl-7_21_2","curl-7_21_1","curl-7_21_0","curl-7_20_1","curl-7_20_0","curl-7_19_7","curl-7_19_6","curl-7_19_5","curl-7_19_4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5482.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"f9e2c6cd27268e72198bde3c1a71eb1273df335a"},{"last_affected":"b2f3214ae2b4a250d3b8a7b7a61037f89b5dc9b1"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"91a17cedb1ee880fe7915fb14cfd74c04e8d6588"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"5.0.0"},{"last_affected":"5.7.28"},{"introduced":"8.0.0"},{"last_affected":"8.0.18"}],"cpe":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5482.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}