Stack-based buffer overflow in curl (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-3822 |
| CWE-ID | CWE-121 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Stack-based buffer overflow
EUVDB-ID: #VU17456
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-3822
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function creates an outgoing NTLM type-3 header and generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can send very large ‘nt response’ output data, that has been extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, trigger stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.61.1-r1
CPE2.3 External linkshttp://git.alpinelinux.org/aports/commit/?id=f8e74ed5d486b34f474038f07979498dba33a6f1
http://git.alpinelinux.org/aports/commit/?id=5ba18f0ca5e2e4f2371cf806a531c993d2b9689b
http://git.alpinelinux.org/aports/commit/?id=d3a946561011a260c6b7a31fa0714a943e38cdfa
http://git.alpinelinux.org/aports/commit/?id=f7cc724b9adaf1c7da74f14c8664294e44e73e99
http://git.alpinelinux.org/aports/commit/?id=9a196002b469339f47b2d93361aced8256aa4dce
http://git.alpinelinux.org/aports/commit/?id=203cb413da1ecf416412c7b7d53213b1c2b22a09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
