CVE-2017-7407

Published: 04 Apr 2017
Source: redhat
CVSS3: 2.4

Description

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Report

This flaw did not affect Red Hat Enterprise Linux 8 and Red Hat Software Collections 3, as they already included the fixed version of the curl package.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| .NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-curl | Not affected | | |
| .NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-curl | Not affected | | |
| .NET Core 2.0 on Red Hat Enterprise Linux | rh-dotnet20-curl | Not affected | | |
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | | |
| Red Hat Enterprise Linux 5 | curl | Out of support scope | | |
| Red Hat Enterprise Linux 6 | curl | Out of support scope | | |
| Red Hat Enterprise Linux 7 | curl | Will not fix | | |
| Red Hat Enterprise Linux 8 | curl | Not affected | | |
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | | |
| Red Hat JBoss Web Server 3 | curl | Will not fix | | |


Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1439190 curl: --write-out out of bounds read

CVSS3: 2.4 Low

Related vulnerabilities

CVSS3: 2.4
ubuntu
almost 9 years ago

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

CVSS3: 2.4
nvd
almost 9 years ago

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

CVSS3: 2.4
debian
almost 9 years ago

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...

CVSS3: 2.4
github
more than 3 years ago

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

suse-cvrf
almost 9 years ago

Security update for curl
