4.3

CVE-2014-3707

EPSS 0.26%
Veröffentlicht 15.11.2014 20:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.10

Apple ≫ macOS X Version10.10.0

Apple ≫ macOS X Version10.10.1

Apple ≫ macOS X Version10.10.2

Apple ≫ macOS X Version10.10.3

Apple ≫ macOS X Version10.10.4

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Oracle ≫ Hyperion Version11.1.2.2

Oracle ≫ Hyperion Version11.1.2.3

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Haxx ≫ Libcurl Version7.17.1

Haxx ≫ Libcurl Version7.18.0

Haxx ≫ Libcurl Version7.18.1

Haxx ≫ Libcurl Version7.18.2

Haxx ≫ Libcurl Version7.19.0

Haxx ≫ Libcurl Version7.19.1

Haxx ≫ Libcurl Version7.19.2

Haxx ≫ Libcurl Version7.19.3

Haxx ≫ Libcurl Version7.19.4

Haxx ≫ Libcurl Version7.19.5

Haxx ≫ Libcurl Version7.19.6

Haxx ≫ Libcurl Version7.19.7

Haxx ≫ Libcurl Version7.20.0

Haxx ≫ Libcurl Version7.20.1

Haxx ≫ Libcurl Version7.21.0

Haxx ≫ Libcurl Version7.21.1

Haxx ≫ Libcurl Version7.21.2

Haxx ≫ Libcurl Version7.21.3

Haxx ≫ Libcurl Version7.21.4

Haxx ≫ Libcurl Version7.21.5

Haxx ≫ Libcurl Version7.21.6

Haxx ≫ Libcurl Version7.21.7

Haxx ≫ Libcurl Version7.22.0

Haxx ≫ Libcurl Version7.23.0

Haxx ≫ Libcurl Version7.23.1

Haxx ≫ Libcurl Version7.24.0

Haxx ≫ Libcurl Version7.25.0

Haxx ≫ Libcurl Version7.26.0

Haxx ≫ Libcurl Version7.27.0

Haxx ≫ Libcurl Version7.28.0

Haxx ≫ Libcurl Version7.28.1

Haxx ≫ Libcurl Version7.29.0

Haxx ≫ Libcurl Version7.30.0

Haxx ≫ Libcurl Version7.31.0

Haxx ≫ Libcurl Version7.32.0

Haxx ≫ Libcurl Version7.33.0

Haxx ≫ Libcurl Version7.34.0

Haxx ≫ Libcurl Version7.35.0

Haxx ≫ Libcurl Version7.36.0

Haxx ≫ Libcurl Version7.37.0

Haxx ≫ Libcurl Version7.37.1

Haxx ≫ Libcurl Version7.38.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.49

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT205031

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://curl.haxx.se/docs/adv_20141105.html

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1254.html

http://www.debian.org/security/2014/dsa-3069

Third Party Advisory

http://www.securityfocus.com/bid/70988

http://www.ubuntu.com/usn/USN-2399-1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-3707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3707

EUVD