The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
When asked to get a file from a file:// URL, libcurl provides a feature that outputs metadata about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could cause other private data from the heap to be inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap, and if it did not contain any zero byte, the output would continue past it and display the data following that buffer in memory.
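The bug class described above, modelled as an added example (this is not libcurl's code; `emit_header_flawed`, `emit_header_fixed`, `client_write` and the `heap` array are hypothetical names, and the "heap" contents are constructed). It shows why sending a never-initialized buffer with a `strlen`-derived length over-reads into neighbouring data, and how sending the formatted buffer with its known length avoids it:

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 16            /* size of the stale transfer buffer */

static char heap[64];        /* constructed stand-in for heap memory */
static char captured[128];   /* what the application's callback received */

/* Stand-in for the application's write callback: appends to captured. */
static void client_write(const char *data, size_t len)
{
    size_t used = strlen(captured);
    if (len > sizeof(captured) - 1 - used)
        len = sizeof(captured) - 1 - used;
    memcpy(captured + used, data, len);
    captured[used + len] = '\0';
}

/* Constructed layout: stale bytes with no NUL, then unrelated private data. */
static void reset(void)
{
    memset(heap, 'A', BUF_SZ);
    strcpy(heap + BUF_SZ, "PRIVATE-HEAP-DATA");
    captured[0] = '\0';
}

/* Flawed pattern: the header is formatted into one buffer, another is sent. */
const char *emit_header_flawed(long size)
{
    char header[64];
    reset();
    snprintf(header, sizeof(header), "Content-Length: %ld\r\n", size);
    client_write(heap, strlen(heap));   /* wrong buffer, runs to the next NUL */
    return captured;
}

/* Corrected pattern: send the formatted buffer with its known length. */
const char *emit_header_fixed(long size)
{
    char header[64];
    int n;
    reset();
    n = snprintf(header, sizeof(header), "Content-Length: %ld\r\n", size);
    if (n > 0 && (size_t)n < sizeof(header))
        client_write(header, (size_t)n);
    return captured;
}
```
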
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 6.5
Impact Score: 3.6
Exploitability Score: 2.8
| Plugin ID | Name | Product | Family |
|---|---|---|---|
| 121761 | Photon OS 2.0: Curl PHSA-2017-0045 | Nessus | PhotonOS Local Security Checks |
| 111894 | Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated) | Nessus | PhotonOS Local Security Checks |
| 103282 | GLSA-201709-14 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks |
| 102877 | Amazon Linux AMI : curl (ALAS-2017-889) | Nessus | Amazon Linux Local Security Checks |
| 102463 | Fedora 25 : curl (2017-f2df9d7772) | Nessus | Fedora Local Security Checks |
| 102462 | Fedora 26 : curl (2017-f1ffd18079) | Nessus | Fedora Local Security Checks |
| 102365 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01) | Nessus | Slackware Local Security Checks |
| 102330 | FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf) | Nessus | FreeBSD Local Security Checks |