Libcurl vulnerabilities identified on endpoint agent
search cancel

Libcurl vulnerabilities identified on endpoint agent

book

Article ID: 399150

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention API Detection Data Loss Prevention API Detection for Developer Apps Virtual Appliance Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Storage Data Loss Prevention Core Package Data Loss Prevention Data Access Governance Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention for Mobile Data Loss Prevention Form Recognition Data Loss Prevention Network Discover Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Email Virtual Appliance Data Loss Prevention Network Prevent for Web Virtual Appliance Data Loss Prevention Network Protect Data Loss Prevention Oracle Standard Edition 2 Data Loss Prevention Plus Suite Data Loss Prevention Sensitive Image Recognition Data Loss Protection Oracle Standard Edition

Issue/Introduction

Windows Defender or some security vulnerability scanner has identified Libcurl libraries that the DLP agent uses and associated them with known CVEs
CVE-2024-7264
CVE-2024-2398
CVE-2023-38545
CVE-2019-3822
CVE-2019-3823
CVE-2019-5435
CVE-2019-5436
CVE-2019-5481
CVE-2018-1000005
CVE-2018-1000007
CVE-2018-16890
CVE-2017-8818
CVE-2014-3707
CVE-2014-0015
CVE-2013-4545
CVE-2013-6422

Resolution

CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used
Conclusion: DLP Agent and Discover do not use CURLINFO_CERTINFO nor ASN.1; DLP Not Vulnerable

CVE-2024-2398: libcurl allowing HTTP/2 server push may cause memory leak.
Conclusion: DLP Agent and Servers do not use "CURLMOPT_PUSHFUNCTION"; DLP Not Vulnerable

CVE-2023-38545: SOCKS5 heap buffer overflow
Conclusion: DLP does not use "CURLOPT_FOLLOWLOCATION" and cannot use SOCKS5 Proxy; DLP Not Vulnerable

CVE-2019-3822: NTLMv2 header stack BO
Conclusion: DLP does not use NTLMv2 functionality of cURL; DLP Not Vulnerable

CVE-2019-3823: SMTP response out-of-bounds read
Conclusion: DLP does not use the SMTP functionality of cURL; DLP Not Vulnerable

CVE-2019-5435: Integer overflow in curl_url_set()
Conclusion: DLP does not use curl_url_set(); DLP Not Vulnerable

CVE-2019-5436: TFTF buffer overflolw
Conclusion: DLP does not use TFTP; DLP Not Vulnerable

CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code
Conclusion: DLP does not use FTP kerberos functionality of cURL; DLP Not Vulnerable

CVE-2018-1000005: Out-of-bound read in HTTP/2 handler
Conclusion: DLP does not use the HTTP/2 functionality of cURL; DLP Not Vulnerable

CVE-2018-1000007: HTTP authN leak in re-directs
Conclusion: DLP does not use the HTTP authN functionality of cURL; DLP Not Vulnerable

CVE-2018-16890: NTLMv2 out-of-bounds buffer read
Conclusion: DLP does not use the NTLMv2 functionality of cURL; DLP Not Vulnerable

CVE-2017-8818: SSL out of buffer access
Conclusion: Affects libcurl 7.56.0 to and including 7.56.1. DLP is currently on 7.54.1; DLP Not Vulnerable

CVE-2014-3707: duphandle out ofbounds read
Conclusion: DLP does not use curl_easy_duphandle(); DLP Not Vulnerable

CVE-2014-0015: libcurl re-use of wrongHTTP NTLM connection
Conclusion: DLP is not using NTLM nor enabling NTLM authentication; DLP Not Vulnerable

CVE-2013-4545: cert name check ignoreOpenSSL
Conclusion: DLP does not ignore trust chains of digital certificates; DLP Not Vulnerable

CVE-2013-6422: cert name check ignoreGnuTLS
Conclusion: DLP does not use GnuTLS backend; DLP Not Vulnerable

Powered by Wolken Software