Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
AV:N/AC:L/Au:N/C:P/I:N/A:P
| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-125 |
| [email protected] | Primary | CWE-125 |
| Vendor | Product | Version | Type |
|---|---|---|---|
| haxx | curl | * | Application |
| canonical | ubuntu_linux | 12.04 | Operating System |
| canonical | ubuntu_linux | 14.04 | Operating System |
| canonical | ubuntu_linux | 16.04 | Operating System |
| canonical | ubuntu_linux | 18.04 | Operating System |
| canonical | ubuntu_linux | 18.10 | Operating System |
| debian | debian_linux | 8.0 | Operating System |
| debian | debian_linux | 9.0 | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |