PublicDateAtUSN: 2019-05-22
Candidate: CVE-2019-5435
CRD: 2019-05-22
PublicDate: 2019-05-28 19:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435
 https://curl.haxx.se/docs/CVE-2019-5435.html
 https://ubuntu.com/security/notices/USN-3993-1
Description:
 An integer overflow in curl's URL API results in a buffer overflow in
 libcurl 7.62.0 to and including 7.64.1.
Ubuntu-Description: 
Notes: 
 mdeslaur> 7.62.0+ only
Bugs: 
Priority: medium
Discovered-by: Wenchao Li
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L [3.7 LOW]


Patches_curl:
 upstream: https://github.com/curl/curl/commit/5fc28510a4664f4
upstream_curl: released (7.65.0)
precise/esm_curl: not-affected (code not present)
trusty/esm_curl: not-affected (code not present)
xenial_curl: not-affected (code not present)
esm-infra/xenial_curl: not-affected (code not present)
bionic_curl: not-affected (code not present)
cosmic_curl: not-affected (code not present)
disco_curl: released (7.64.0-2ubuntu1.1)
devel_curl: released (7.64.0-3ubuntu2)