Executive Summary

Information
Name : CVE-2019-5443
First vendor Publication : 2019-07-02
Vendor : Cve
Last vendor Modification : 2019-10-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 4.6
Attack Range : Local
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5443

CWE : Common Weakness Enumeration

%      Id      Name
100 %  CWE-94  Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type         Description  Count
Application               155
Os                        1

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/108881
MISC https://curl.haxx.se/docs/CVE-2019-5443.html
MLIST http://www.openwall.com/lists/oss-security/2019/06/24/1

Alert History

Date  Information
2019-10-10 05:21:08
  • Multiple Updates
2019-09-25 01:11:02
  • Multiple Updates
2019-09-18 12:11:00
  • Multiple Updates
2019-07-08 17:19:14
  • Multiple Updates
2019-07-03 00:19:19
  • First insertion