CVE-2019-5436

CVE Database · CVE-2019-5436

· HIGHModified

CVSS v3.1

7.8

EPSS

49.74%

Published

May 28, 2019

Modified

Apr 15, 2026

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-122CWE-787

Affected Products (16)

haxx · libcurlvulnerable

opensuse · leapvulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

f5 · traffix_signaling_delivery_controllervulnerable

netapp · hci_management_nodevulnerable

netapp · solidfirevulnerable

References (20)

Mailing ListThird Party Advisory

Mailing ListThird Party Advisory

Mailing ListPatchThird Party Advisory

ExploitPatchVendor Advisory