CVE-2014-3707
EPSS 0.23%
curl - security update
Published: 11/15/2014
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2014-3707
Description
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Affected packages (3)
- Debian/curl from 0, < 7.38.0-3
- Debian/curl from 0, < 7.21.0-2.1+squeeze10
- Debian/curl from 0, < 7.26.0-1+wheezy11