Unrated severityNVD Advisory· Published Nov 15, 2014· Updated May 6, 2026
CVE-2014-3707
CVE-2014-3707
Description
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
Affected products
57cpe:2.3:a:oracle:hyperion:11.1.2.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:hyperion:11.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion:11.1.2.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*+ 41 more
- cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- curl.haxx.se/docs/adv_20141105.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2015-02/msg00040.htmlnvdThird Party Advisory
- www.debian.org/security/2014/dsa-3069nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlnvdVendor Advisory
- www.ubuntu.com/usn/USN-2399-1nvdThird Party Advisory
- support.apple.com/kb/HT205031nvdThird Party Advisory
- kb.juniper.net/InfoCenter/indexnvd
- rhn.redhat.com/errata/RHSA-2015-1254.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvd
- www.securityfocus.com/bid/70988nvd
News mentions
0No linked articles in our index yet.