CVE-2014-3707

MEDIUM

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

ID	Name	Product	Family	Severity
125003	EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550)	Nessus	Huawei Local Security Checks	high
87554	Scientific Linux Security Update : curl on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
87138	CentOS 7 : curl (CESA-2015:2159)	Nessus	CentOS Local Security Checks	medium
87028	Oracle Linux 7 : curl (ELSA-2015-2159)	Nessus	Oracle Linux Local Security Checks	medium
86934	RHEL 7 : curl (RHSA-2015:2159)	Nessus	Red Hat Local Security Checks	medium
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
85191	Scientific Linux Security Update : curl on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
85148	OracleVM 3.3 : curl (OVMSA-2015-0107)	Nessus	OracleVM Local Security Checks	medium
85096	Oracle Linux 6 : curl (ELSA-2015-1254)	Nessus	Oracle Linux Local Security Checks	medium
85009	CentOS 6 : curl (CESA-2015:1254)	Nessus	CentOS Local Security Checks	medium
84912	RHEL 6 : curl (RHSA-2015:1254)	Nessus	Red Hat Local Security Checks	medium
83668	SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0083-1)	Nessus	SuSE Local Security Checks	medium
82351	Mandriva Linux Security Advisory : curl (MDVSA-2015:098)	Nessus	Mandriva Local Security Checks	medium
82229	Debian DLA-84-1 : curl security update	Nessus	Debian Local Security Checks	medium
81323	Amazon Linux AMI : curl (ALAS-2015-477)	Nessus	Amazon Linux Local Security Checks	medium
81287	openSUSE Security Update : curl (openSUSE-2015-125)	Nessus	SuSE Local Security Checks	medium
81121	SuSE 11.3 Security Update : curl (SAT Patch Number 10166)	Nessus	SuSE Local Security Checks	medium
80664	Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3707_information_disclosure)	Nessus	Solaris Local Security Checks	medium
80337	Fedora 19 : curl-7.29.0-27.fc19 (2014-16690)	Nessus	Fedora Local Security Checks	medium
80325	Fedora 21 : mingw-curl-7.39.0-1.fc21 (2014-17601)	Nessus	Fedora Local Security Checks	medium
80324	Fedora 20 : mingw-curl-7.39.0-1.fc20 (2014-17596)	Nessus	Fedora Local Security Checks	medium
79951	Fedora 21 : curl-7.37.0-11.fc21 (2014-16605)	Nessus	Fedora Local Security Checks	medium
79950	Fedora 20 : curl-7.32.0-17.fc20 (2014-16538)	Nessus	Fedora Local Security Checks	medium
79655	Fedora 20 : curl-7.32.0-16.fc20 (2014-15706)	Nessus	Fedora Local Security Checks	medium
79321	Mandriva Linux Security Advisory : curl (MDVSA-2014:213)	Nessus	Mandriva Local Security Checks	medium
79119	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : curl vulnerability (USN-2399-1)	Nessus	Ubuntu Local Security Checks	medium
79100	Fedora 20 : curl-7.32.0-15.fc20 (2014-14354)	Nessus	Fedora Local Security Checks	medium
79099	Fedora 21 : curl-7.37.0-9.fc21 (2014-14338)	Nessus	Fedora Local Security Checks	medium
79065	Debian DSA-3069-1 : curl - security update	Nessus	Debian Local Security Checks	medium
8565	cURL/libcURL 7.x < 7.39.0 'curl_easy_duphandle()' Out-of-Bounds Read Issue	Nessus Network Monitor	Web Clients	medium

CVE-2014-3707

Description

References

Details

Risk Information

CVSS v2.0