Out-of-Bounds Affecting curl package, versions <7.52.1-4
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-CURL-516448
- published 3 Apr 2017
- disclosed 3 Apr 2017
Introduced: 3 Apr 2017
CVE-2017-7407 Open this link in a new tabHow to fix?
Upgrade Debian:11
curl
to version 7.52.1-4 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl
package and not the curl
package as distributed by Debian:11
.
See How to fix?
for Debian:11
relevant fixed versions and status.
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.