Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-3707

Published: 5 November 2014

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Priority

Medium

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
upstream
Released (7.39.0)
lucid
Released (7.19.7-1ubuntu1.10)
precise
Released (7.22.0-3ubuntu4.11)
trusty
Released (7.35.0-1ubuntu2.2)
utopic
Released (7.37.1-1ubuntu3.1)
Patches:
upstream: http://curl.haxx.se/CVE-2014-3707.patch
upstream: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945
upstream: https://github.com/bagder/curl/commit/e8cea8d70fed7ad5e14d8b3e871ebf0ea0bf53b0
upstream: https://github.com/bagder/curl/commit/92e7e346f35b89d89c079403e5aeb16bee0e8836
upstream: https://github.com/bagder/curl/commit/8a2dda312cc916e3ec3d0bc99850d9abe5ae6b92