CVE-2014-3707

{"id": "CVE-2014-3707", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-15T20:59:00.140", "references": [{"url": "http://curl.haxx.se/docs/adv_20141105.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2014/dsa-3069", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/70988", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2399-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/kb/HT205031", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://curl.haxx.se/docs/adv_20141105.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-3069", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70988", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2399-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT205031", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information."}, {"lang": "es", "value": "La funci\u00f3n curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opci\u00f3n CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que permite a servidores web remotos leer informaci\u00f3n sensible de la memoria."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "831B1114-7CA7-43E3-9A15-592218060A1F"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74DA49AC-B255-470A-839D-210EA929AB96"}, {"criteria": "cpe:2.3:a:oracle:hyperion:11.1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D31D1BC-B017-4464-A0E3-84C2F20887C3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08C8EE1E-E186-42D6-8B12-05865C73F261"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2C80901-D48E-4C2A-9BED-A40007A11C97"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331A51E4-AA73-486F-9618-5A83965F2436"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB32DF2C-9208-4853-ADEB-B00D764D7467"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E05636DC-7E38-4605-AAB8-81C0AE37520A"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2171C7C-311A-4405-B95F-3A54966FA844"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE20A41-8B53-46FC-9002-69CC7495171F"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5293C7F0-BF9F-4768-889A-876CE78903CC"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "857B244C-2AFB-40C7-A893-7C6DE9871BCE"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B732CE55-820A-40E0-A885-71BBB6CF8C15"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0455A5F2-1515-4CD8-BA2F-74D28E91A661"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29034B3A-BE9D-4D68-8C56-4465C03C3693"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6249538E-FBCB-4130-91FB-DA78D7BA45DE"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EAE25A0-3828-46F1-AB30-88732CBC9F38"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1533A85C-2160-445D-8787-E624AEDC5A0C"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D87B9393-7EA4-43DA-900C-7E840AE2D4C2"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D1249E9-304F-4952-8DAB-8B79CE5E7D54"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29F8FF1F-A639-4161-9366-62528AAF4C07"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "812AB429-379A-4EDE-9664-5BC2989053F6"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13DD791F-C4BD-4456-955A-92E84082AA09"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A17E442-45AA-4780-98B4-9BF764DCC1C5"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6AF544C-5F16-4434-B9FB-93B1B7318950"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}