Security Advisory

CVE-2019-5443

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-02 18:31:23

Last updated 2024-08-04 19:54:53

Assigner hackerone

State PUBLISHED

Description

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

← Browse all CVEs View on cve.org ↗