CVE-2014-3707

Published: Nov 15, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

Affected (57)

Products: Canonical: Ubuntu Linux · Apple: Mac Os X · Opensuse: Opensuse · +3 more

Show all products

Canonical: Ubuntu Linux · Apple: Mac Os X · Opensuse: Opensuse · Oracle: Hyperion · Debian: Debian Linux · Haxx: Libcurl

1 product

1 product

1 product

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.10.0
Apple Mac Os X	Version 10.10.1
Apple Mac Os X	Version 10.10.2
Apple Mac Os X	Version 10.10.3
Apple Mac Os X	Version 10.10.4

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Hyperion	Version 11.1.2.2
Oracle Hyperion	Version 11.1.2.3

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration F

42 vulnerable

Vulnerable Software	Affected Versions
Haxx Libcurl	Version 7.17.1
Haxx Libcurl	Version 7.18.0
Haxx Libcurl	Version 7.18.1
Haxx Libcurl	Version 7.18.2
Haxx Libcurl	Version 7.19.0
Haxx Libcurl	Version 7.19.1
Haxx Libcurl	Version 7.19.2
Haxx Libcurl	Version 7.19.3
Haxx Libcurl	Version 7.19.4
Haxx Libcurl	Version 7.19.5
Haxx Libcurl	Version 7.19.6
Haxx Libcurl	Version 7.19.7
Haxx Libcurl	Version 7.20.0
Haxx Libcurl	Version 7.20.1
Haxx Libcurl	Version 7.21.0
Haxx Libcurl	Version 7.21.1
Haxx Libcurl	Version 7.21.2
Haxx Libcurl	Version 7.21.3
Haxx Libcurl	Version 7.21.4
Haxx Libcurl	Version 7.21.5
Haxx Libcurl	Version 7.21.6
Haxx Libcurl	Version 7.21.7
Haxx Libcurl	Version 7.22.0
Haxx Libcurl	Version 7.23.0
Haxx Libcurl	Version 7.23.1
Haxx Libcurl	Version 7.24.0
Haxx Libcurl	Version 7.25.0
Haxx Libcurl	Version 7.26.0
Haxx Libcurl	Version 7.27.0
Haxx Libcurl	Version 7.28.0
Haxx Libcurl	Version 7.28.1
Haxx Libcurl	Version 7.29.0
Haxx Libcurl	Version 7.30.0
Haxx Libcurl	Version 7.31.0
Haxx Libcurl	Version 7.32.0
Haxx Libcurl	Version 7.33.0
Haxx Libcurl	Version 7.34.0
Haxx Libcurl	Version 7.35.0
Haxx Libcurl	Version 7.36.0
Haxx Libcurl	Version 7.37.0
Haxx Libcurl	Version 7.37.1
Haxx Libcurl	Version 7.38.0