7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.15 Low
EPSS
Percentile
95.9%
Package : curl
Version : 7.38.0-4+deb8u14
CVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
It was discovered that there were three vulnerabilities in the curl
command-line HTTP (etc.) client:
CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
the handling of NTLM type-2 messages.
CVE-2019-3822: Stack-based buffer overflow in the handling of
outgoing NTLM type-3 headers.
CVE-2019-3823: Heap out-of-bounds read in code handling
the end of a response in the SMTP protocol.
For Debian 8 "Jessie", this issue has been fixed in curl version
7.38.0-4+deb8u14.
We recommend that you upgrade your curl packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] 🍥 chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | i386 | libcurl3-nss | < 7.38.0-4+deb8u14 | libcurl3-nss_7.38.0-4+deb8u14_i386.deb |
Debian | 8 | amd64 | curl | < 7.38.0-4+deb8u14 | curl_7.38.0-4+deb8u14_amd64.deb |
Debian | 8 | i386 | curl | < 7.38.0-4+deb8u14 | curl_7.38.0-4+deb8u14_i386.deb |
Debian | 8 | all | curl | < 7.38.0-4+deb8u14 | curl_7.38.0-4+deb8u14_all.deb |
Debian | 8 | armel | libcurl3-nss | < 7.38.0-4+deb8u14 | libcurl3-nss_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | armel | libcurl3 | < 7.38.0-4+deb8u14 | libcurl3_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | armel | libcurl4-gnutls-dev | < 7.38.0-4+deb8u14 | libcurl4-gnutls-dev_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | armhf | libcurl4-gnutls-dev | < 7.38.0-4+deb8u14 | libcurl4-gnutls-dev_7.38.0-4+deb8u14_armhf.deb |
Debian | 8 | armel | libcurl4-openssl-dev | < 7.38.0-4+deb8u14 | libcurl4-openssl-dev_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | i386 | libcurl3 | < 7.38.0-4+deb8u14 | libcurl3_7.38.0-4+deb8u14_i386.deb |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.15 Low
EPSS
Percentile
95.9%