CVE-2014-3707
EPSS 0.23%
curl - security update
Published: 2014/11/15
Modified: 2026/4/28
Also known as: DEBIAN-CVE-2014-3707
Description
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Affected packages (3)
- Debian/curl from 0, < 7.38.0-3
- Debian/curl from 0, < 7.21.0-2.1+squeeze10
- Debian/curl from 0, < 7.26.0-1+wheezy11