
CVE-2014-3707

Published: 5 November 2014

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Priority

Medium

Status

Package: curl (Launchpad, Ubuntu, Debian)

Release   Status
lucid     Released (7.19.7-1ubuntu1.10)
precise   Released (7.22.0-3ubuntu4.11)
trusty    Released (7.35.0-1ubuntu2.2)
upstream  Released (7.39.0)
utopic    Released (7.37.1-1ubuntu3.1)