« List of all CVEs

CVE-2014-3707

Published: 11/15/2014 Last updated: 8/6/2024 Reserved: 5/14/2014

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (3)

conf-libcurl conf-mingw-w64-curl-i686 conf-mingw-w64-curl-x86_64

Products affected (1)

Product Vendor Version
n/a n/a < 69966bce28da6aadccfd968b75d128a79da32d17

References (52)