CVE-2014-3707

Published Nov 15, 2014
Last updated 6 years ago
CVSS info 4.3
Overview

Description: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "831B1114-7CA7-43E3-9A15-592218060A1F"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74DA49AC-B255-470A-839D-210EA929AB96"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D31D1BC-B017-4464-A0E3-84C2F20887C3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08C8EE1E-E186-42D6-8B12-05865C73F261"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2C80901-D48E-4C2A-9BED-A40007A11C97"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331A51E4-AA73-486F-9618-5A83965F2436"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB32DF2C-9208-4853-ADEB-B00D764D7467"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E05636DC-7E38-4605-AAB8-81C0AE37520A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2171C7C-311A-4405-B95F-3A54966FA844"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE20A41-8B53-46FC-9002-69CC7495171F"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5293C7F0-BF9F-4768-889A-876CE78903CC"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "857B244C-2AFB-40C7-A893-7C6DE9871BCE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B732CE55-820A-40E0-A885-71BBB6CF8C15"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0455A5F2-1515-4CD8-BA2F-74D28E91A661"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29034B3A-BE9D-4D68-8C56-4465C03C3693"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6249538E-FBCB-4130-91FB-DA78D7BA45DE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EAE25A0-3828-46F1-AB30-88732CBC9F38"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1533A85C-2160-445D-8787-E624AEDC5A0C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87B9393-7EA4-43DA-900C-7E840AE2D4C2"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D1249E9-304F-4952-8DAB-8B79CE5E7D54"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29F8FF1F-A639-4161-9366-62528AAF4C07"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "812AB429-379A-4EDE-9664-5BC2989053F6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13DD791F-C4BD-4456-955A-92E84082AA09"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A17E442-45AA-4780-98B4-9BF764DCC1C5"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6AF544C-5F16-4434-B9FB-93B1B7318950"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
