Versions mentioned in the description apply to the upstream
Remediation section below for
Amzn:2 relevant versions.
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-5436: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. 1710620: CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function CVE-2019-5435: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. 1710609: CVE-2019-5435 curl: Integer overflows in curl_url_set() function
curl to version 7.61.1-11.amzn2.0.2 or higher.