CVE-2014-3707 MEDIUM

Published: 2014-11-15 | Last Modified: 2026-06-17 | Status: Modified

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Additional Descriptions (1)

La función curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opción CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que permite a servidores web remotos leer información sensible de la memoria.

CVSS Metrics

Base Score: 4.3 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
canonical	ubuntu_linux	10.04	<built-in method update of dict object at 0x72a9a30930c0>	Operating System
canonical	ubuntu_linux	12.04	<built-in method update of dict object at 0x72a9ccfbab40>	Operating System
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9ccfba0c0>	Operating System
canonical	ubuntu_linux	14.10	<built-in method update of dict object at 0x72a9cc52f280>	Operating System
apple	mac_os_x	10.10.0	<built-in method update of dict object at 0x72a9a3091bc0>	Operating System
apple	mac_os_x	10.10.1	<built-in method update of dict object at 0x72a9a3091d40>	Operating System
apple	mac_os_x	10.10.2	<built-in method update of dict object at 0x72a9ccfba700>	Operating System
apple	mac_os_x	10.10.3	<built-in method update of dict object at 0x72a9ccfb8b80>	Operating System
apple	mac_os_x	10.10.4	<built-in method update of dict object at 0x72a9ccfb9a80>	Operating System
opensuse	opensuse	13.1	<built-in method update of dict object at 0x72a9a3092800>	Operating System
opensuse	opensuse	13.2	<built-in method update of dict object at 0x72a9ccfb96c0>	Operating System
oracle	hyperion	11.1.2.2	<built-in method update of dict object at 0x72a9ccfbb800>	Application
oracle	hyperion	11.1.2.3	<built-in method update of dict object at 0x72a9ccfbb280>	Application
debian	debian_linux	7.0	<built-in method update of dict object at 0x72a9ccfb9dc0>	Operating System
debian	debian_linux	8.0	<built-in method update of dict object at 0x72a9ccfbad80>	Operating System
haxx	libcurl	7.17.1	<built-in method update of dict object at 0x72a9ccfb9ec0>	Application
haxx	libcurl	7.18.0	<built-in method update of dict object at 0x72a9a3092500>	Application
haxx	libcurl	7.18.1	<built-in method update of dict object at 0x72a9ccfbb380>	Application
haxx	libcurl	7.18.2	<built-in method update of dict object at 0x72a9ccfb9400>	Application
haxx	libcurl	7.19.0	<built-in method update of dict object at 0x72a9cc52fa80>	Application
haxx	libcurl	7.19.1	<built-in method update of dict object at 0x72a9ccfb9f80>	Application
haxx	libcurl	7.19.2	<built-in method update of dict object at 0x72a9ccfb8440>	Application
haxx	libcurl	7.19.3	<built-in method update of dict object at 0x72a9ccfb8740>	Application
haxx	libcurl	7.19.4	<built-in method update of dict object at 0x72a9ccfbb5c0>	Application
haxx	libcurl	7.19.5	<built-in method update of dict object at 0x72a9ccfb9500>	Application
haxx	libcurl	7.19.6	<built-in method update of dict object at 0x72a9ccfb8c40>	Application
haxx	libcurl	7.19.7	<built-in method update of dict object at 0x72a9a3091340>	Application
haxx	libcurl	7.20.0	<built-in method update of dict object at 0x72a9ccfba480>	Application
haxx	libcurl	7.20.1	<built-in method update of dict object at 0x72a9ccfba100>	Application
haxx	libcurl	7.21.0	<built-in method update of dict object at 0x72a9ccfba7c0>	Application
haxx	libcurl	7.21.1	<built-in method update of dict object at 0x72a9ccfbb200>	Application
haxx	libcurl	7.21.2	<built-in method update of dict object at 0x72a9ccfb9880>	Application
haxx	libcurl	7.21.3	<built-in method update of dict object at 0x72a9ccfb91c0>	Application
haxx	libcurl	7.21.4	<built-in method update of dict object at 0x72a9ccfb8480>	Application
haxx	libcurl	7.21.5	<built-in method update of dict object at 0x72a9ccfbbd80>	Application
haxx	libcurl	7.21.6	<built-in method update of dict object at 0x72a9ccfbb2c0>	Application
haxx	libcurl	7.21.7	<built-in method update of dict object at 0x72a9ccfb86c0>	Application
haxx	libcurl	7.22.0	<built-in method update of dict object at 0x72a9ccfb8c00>	Application
haxx	libcurl	7.23.0	<built-in method update of dict object at 0x72a9ccfb9540>	Application
haxx	libcurl	7.23.1	<built-in method update of dict object at 0x72a9ccfb9600>	Application
haxx	libcurl	7.24.0	<built-in method update of dict object at 0x72a9ccfb8ac0>	Application
haxx	libcurl	7.25.0	<built-in method update of dict object at 0x72a9ccfbbec0>	Application
haxx	libcurl	7.26.0	<built-in method update of dict object at 0x72a9ccfbad40>	Application
haxx	libcurl	7.27.0	<built-in method update of dict object at 0x72a9ccfbb600>	Application
haxx	libcurl	7.28.0	<built-in method update of dict object at 0x72a9cc7be540>	Application
haxx	libcurl	7.28.1	<built-in method update of dict object at 0x72a9cc7bdac0>	Application
haxx	libcurl	7.29.0	<built-in method update of dict object at 0x72a9cc7be0c0>	Application
haxx	libcurl	7.30.0	<built-in method update of dict object at 0x72a9b0df4f40>	Application
haxx	libcurl	7.31.0	<built-in method update of dict object at 0x72a9b0df6880>	Application
haxx	libcurl	7.32.0	<built-in method update of dict object at 0x72a9b0df5740>	Application
haxx	libcurl	7.33.0	<built-in method update of dict object at 0x72a9b0df5080>	Application
haxx	libcurl	7.34.0	<built-in method update of dict object at 0x72a9b0df4840>	Application
haxx	libcurl	7.35.0	<built-in method update of dict object at 0x72a9b0df6940>	Application
haxx	libcurl	7.36.0	<built-in method update of dict object at 0x72a9b0df7800>	Application
haxx	libcurl	7.37.0	<built-in method update of dict object at 0x72a9b0df6840>	Application
haxx	libcurl	7.37.1	<built-in method update of dict object at 0x72a9cc426ec0>	Application
haxx	libcurl	7.38.0	<built-in method update of dict object at 0x72a9ccf00a00>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:apple:mac_os_x:10.10.0:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x:10.10.1:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x:10.10.2:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x:10.10.3:::::::*`
Yes	`cpe:2.3:o:apple:mac_os_x:10.10.4:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:opensuse:opensuse:13.1:::::::*`
Yes	`cpe:2.3:o:opensuse:opensuse:13.2:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:oracle:hyperion:11.1.2.2:::::::*`
Yes	`cpe:2.3:a:oracle:hyperion:11.1.2.3:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:7.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:haxx:libcurl:7.17.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.18.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.18.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.18.2:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.2:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.3:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.4:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.5:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.6:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.19.7:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.20.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.20.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.2:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.3:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.4:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.5:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.6:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.21.7:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.22.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.23.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.23.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.24.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.25.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.26.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.27.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.28.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.28.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.29.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.30.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.31.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.32.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.33.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.34.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.35.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.36.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.37.0:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.37.1:::::::*`
Yes	`cpe:2.3:a:haxx:libcurl:7.38.0:::::::*`

References

http://curl.haxx.se/docs/adv_20141105.html
Source: [email protected]

Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
Source: [email protected]
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1254.html
Source: [email protected]
http://www.debian.org/security/2014/dsa-3069
Source: [email protected]

Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: [email protected]
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: [email protected]

Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Source: [email protected]

Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: [email protected]
http://www.securityfocus.com/bid/70988
Source: [email protected]
http://www.ubuntu.com/usn/USN-2399-1
Source: [email protected]

Third Party Advisory
https://support.apple.com/kb/HT205031
Source: [email protected]

Third Party Advisory
http://curl.haxx.se/docs/adv_20141105.html
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1254.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2014/dsa-3069
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/70988
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-2399-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://support.apple.com/kb/HT205031
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory