Security Advisory

CVE-2014-3707

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-11-15 20:00:00

Last updated 2024-08-06 10:50:17

Assigner redhat

State PUBLISHED

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

← Browse all CVEs View on cve.org ↗