CVE-2014-3707
Description
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Risk Information
Base Score
3.7
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.371
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.22.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.24.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.25.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.26.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.27.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.29.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.30.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.31.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.32.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.33.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.17.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.20.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.20.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.34.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.35.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.36.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.38.0 | Windows |
| Vulnerabilities CVE-2014-3707 are fixed in Curl For Windows 7.39.0 | Windows |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3707) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-600354 | OS X Yosemite 10.10.5 Update |
| PATCH-600458 | OS X Yosemite 10.10.5 Combo Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234