CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in…

CVE-2016-9586 [MEDIUM] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handle

CVE-2016-9586 [MEDIUM] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to

CVE-2017-7407 [LOW] CWE-125 curl: --write-out out of bounds read curl: --write-out out of bounds read The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. Statement: This flaw did not affect Red Hat Enterprise Linux 8 and Red Hat Software Collections 3, as they already included the fixed version of the `curl` package. Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Not affected Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Not affected Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Not affected Pa

CVE-2017-7407 [LOW] CVE-2017-7407: curl - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physicall... The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. Scope: local bookworm: resolved (fixed in 7.52.1-4) bullseye: resolved (fixed in 7.52.1-4) forky: resolved (fixed in 7.52.1-4) sid: resolved (fixed in 7.52.1-4) trixie: resolved (fixed in 7.52.1-4)

CVE-2017-7407 [LOW] CWE-119 GHSA-wc6r-j2hr-524x: The ourWriteOut function in tool_writeout The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

CVE-2016-9586 [HIGH] curl vulnerabilities curl vulnerabilities Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain

CVE-2017-7407 [LOW] CVE-2017-7407: The ourWriteOut function in tool_writeout The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

CVE-2017-7407 [LOW] CVE-2017-7407 curl: --write-out out of bounds read [fedora-all] CVE-2017-7407 curl: --write-out out of bounds read [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. Wh

CVE-2017-7407 [LOW] CVE-2017-7407 curl: --write-out out of bounds read CVE-2017-7407 curl: --write-out out of bounds read The ourWriteOut function in tool_writeout.c in curl might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. External References: https://curl.haxx.se/docs/adv_20170403.html Upstream patches: https://github.com/curl/curl/commit/1890d59905414ab84a https://github.com/curl/curl/commit/8e65877870c1 Discussion: Created curl tracking bugs for this issue: Affects: fedora-all [bug 1439191] Created mingw-curl tracking bugs for this issue: Affects: epel-7 [bug 1439193] Affects: fedora-all [bug 1439192] --- This issue has been add

CVE-2017-7407 [LOW] CVE-2017-7407 mingw-curl: curl: --write-out out of bounds read [epel-7] CVE-2017-7407 mingw-curl: curl: --write-out out of bounds read [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. Discussion: Use the following template to for the 'fedpkg upd

CVE-2017-7407 [LOW] CVE-2017-7407 mingw-curl: curl: --write-out out of bounds read [fedora-all] CVE-2017-7407 mingw-curl: curl: --write-out out of bounds read [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions o