Описание
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.38.0-3ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.2 |
| lucid | released | 7.19.7-1ubuntu1.10 |
| precise | released | 7.22.0-3ubuntu4.11 |
| trusty | released | 7.35.0-1ubuntu2.2 |
| trusty/esm | not-affected | 7.35.0-1ubuntu2.2 |
| upstream | released | 7.39.0 |
| utopic | released | 7.37.1-1ubuntu3.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, whe ...
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
ELSA-2015-2159: curl security, bug fix, and enhancement update (MODERATE)
EPSS
4.3 Medium
CVSS2