Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://curl.haxx.se/do...
DEBIAN: DSA-3069
UBUNTU: USN-2399-1
SUSE: openSUSE-SU-2015:0248
CONFIRM: http://www.oracle.com/...
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-08-13-2
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 70988
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2015:1254

Launchpad.net

CVE 2014-3707

Related bugs

References