CVE-2019-5436

high

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

13.3%

Exploitation probability in 30 days

Top 6% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: May 28, 2019 (2542 days ago)

Last Modified: April 15, 2026

Vendor: F5

Source: NVD

Description

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CWE

CWE-122

Affected Products

haxx libcurlopensuse leapfedoraproject fedoradebian debian linuxf5 traffix signaling delivery controllernetapp hci management nodenetapp solidfirenetapp steelstore cloud integrated storageoracle enterprise manager ops centeroracle mysql server

References

🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 www.openwall.com 🔗 curl.haxx.se 🔗 lists.fedoraproject.org

CVE-2019-5436

Vulnerability Report

Description

CWE

Affected Products

References