Computer Security
[EN] securityvulns.ru no-pyccku


libcurl information leakage
Published:24.11.2014
Source:
SecurityVulns ID:14101
Type:client
Threat Level:
5/10
Description:Memory content leakage via POST.
Affected:CURL : libcurl 7.38
CVE:CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:213 ] curl (24.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod