A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
| Link | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/06/24/1 | mailing list third party advisory patch |
| http://www.securityfocus.com/bid/108881 | vdb entry broken link |
| https://www.oracle.com/security-alerts/cpuapr2020.html | third party advisory patch |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | third party advisory patch |
| https://www.oracle.com/security-alerts/cpuoct2020.html | third party advisory patch |
| https://curl.haxx.se/docs/CVE-2019-5443.html | patch vendor advisory |
| https://security.netapp.com/advisory/ntap-20191017-0002/ | third party advisory |