CVE-2014-3707

Published: 5 November 2014

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Priority

Status

Package	Release	Status
curl Launchpad, Ubuntu, Debian	lucid	Released (7.19.7-1ubuntu1.10)
	precise	Released (7.22.0-3ubuntu4.11)
	trusty	Released (7.35.0-1ubuntu2.2)
	upstream	Released (7.39.0)
	utopic	Released (7.37.1-1ubuntu3.1)
	Patches: upstream: http://curl.haxx.se/CVE-2014-3707.patch upstream: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945 upstream: https://github.com/bagder/curl/commit/e8cea8d70fed7ad5e14d8b3e871ebf0ea0bf53b0 upstream: https://github.com/bagder/curl/commit/92e7e346f35b89d89c079403e5aeb16bee0e8836 upstream: https://github.com/bagder/curl/commit/8a2dda312cc916e3ec3d0bc99850d9abe5ae6b92

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-3707

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading