
CVE-2014-3707

Date: (C)2014-12-01   (M)2024-04-19


The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-70988
APPLE-SA-2015-08-13-2
DSA-3069
RHSA-2015:1254
USN-2399-1
http://curl.haxx.se/docs/adv_20141105.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://support.apple.com/kb/HT205031
openSUSE-SU-2015:0248

CPE    56
cpe:/a:oracle:hyperion:11.1.2.2
cpe:/a:oracle:hyperion:11.1.2.3
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.20.1
...
CWE    1
CWE-200
OVAL    22
oval:org.secpod.oval:def:26639
oval:org.secpod.oval:def:702280
oval:org.secpod.oval:def:204236
oval:org.secpod.oval:def:204257
...

© SecPod Technologies