CVE-2017-7407

Published: 03/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 2.4 | Impact Score: 1.4 | Exploitability Score: 0.9
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate malicious users to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Vulnerable Product

haxx curl 7.53.1

Vendor Advisories

Synopsis: Moderate: httpd24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of ...
Debian Bug report logs - #859500 curl: CVE-2017-7407. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 4 Apr 2017 12:15:01 UTC; Severity: normal; Tags: fixed-upstream, patch, security, upstream; Found in version curl/7 ...
Several security issues were fixed in curl ...
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a certain character, which leads to a heap-based buffer over-read (CVE-2017-7407) ...
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read ...