ALAS2-2019-1340

Affecting libcurl package, versions <7.61.1-12.amzn2.0.1

medium severity

Overview

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-5482: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
99999: CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()

CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
99999: CVE-2019-5481 curl: double free due to subsequent call of realloc()

References

CVE: ALAS2-2019-1340
Snyk ID: SNYK-AMZN2-LIBCURL-497386
Published: 13 Nov, 2019