libcurl.so is vulnerable to arbitrary code execution. A double-free occurs when a malicious server claims to send a large block, which causes the realloc() call to fail. The vulnerability exists when curl uses Kerberos over FTP, and can be exploited by an attacker to execute arbitrary code on the system.
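An added illustration, not curl's code and not part of the original advisory: one common way a failed realloc() turns into a double free, next to a hardened form that also caps the peer-supplied length. The struct, the function names and the MAX_BLOCK cap are hypothetical, and the allocator is injectable so the failure can be simulated.

```c
#include <stdlib.h>
#define MAX_BLOCK (1u << 20)  /* hypothetical cap on a server-claimed block length */

struct recv_buf {             /* hypothetical receive buffer, not curl's struct */
  unsigned char *data;
  size_t size;
};
typedef void *(*realloc_fn)(void *, size_t);  /* injectable so failure can be simulated */

/* Simulated out-of-memory: fails without touching the old block, like realloc(). */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* UNSAFE: frees the old block on failure but leaves buf->data dangling; cleanup then frees it again. */
int grow_unsafe(struct recv_buf *buf, size_t len, realloc_fn re) {
  void *tmp = re(buf->data, len);
  if (!tmp) {
    free(buf->data);          /* first free; buf->data still points at the block */
    return -1;
  }
  buf->data = tmp;
  buf->size = len;
  return 0;
}

/* HARDENED: reject oversized claims, and on failure leave ownership unchanged. */
int grow_safe(struct recv_buf *buf, size_t len, realloc_fn re) {
  if (len == 0 || len > MAX_BLOCK)
    return -2;                /* peer-supplied length is untrusted */
  void *tmp = re(buf->data, len);
  if (!tmp)
    return -1;                /* old block still valid and still owned by buf */
  buf->data = tmp;
  buf->size = len;
  return 0;
}

/* Single release point; clearing the pointer makes a repeated call harmless. */
void buf_cleanup(struct recv_buf *buf) {
  free(buf->data);
  buf->data = NULL;
  buf->size = 0;
}

int main(void) {
  struct recv_buf buf = { malloc(16), 16 };
  int rc = grow_safe(&buf, 64, failing_realloc);  /* -1, buf keeps its block */
  buf_cleanup(&buf);
  return rc == -1 ? 0 : 1;
}
```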
lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
bugzilla.suse.com/show_bug.cgi?id=1149495
curl.haxx.se/docs/CVE-2019-5481.html
lists.fedoraproject.org/archives/list/[email protected]/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/
lists.fedoraproject.org/archives/list/[email protected]/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
lists.fedoraproject.org/archives/list/[email protected]/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
seclists.org/bugtraq/2020/Feb/36
security.gentoo.org/glsa/202003-29
security.netapp.com/advisory/ntap-20191004-0003/
www.debian.org/security/2020/dsa-4633
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpuoct2020.html