CVE-2017-7407 - cURL tool_writeout.c vulnerability

After a little delay, I finally received a CVE for the cURL flaw that I blogged about here.

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
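The failure mode in the description above, as an added example that is not curl's source or code from this post: a simplified C model of a %-format scanner, where `flawed_stride_end` and `render_safe` are hypothetical names and the sample formats are constructed. It shows where a cursor that always consumes two bytes per '%' ends up relative to the NUL terminator, beside a scanner that checks for a following byte first.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not curl's code. Returns the offset the cursor reaches
   when every '%' consumes two bytes unconditionally. A result greater than
   strlen(fmt) means the cursor stepped past the NUL terminator, which is
   where an unbounded loop would start reading adjacent heap memory. */
size_t flawed_stride_end(const char *fmt)
{
    size_t len = strlen(fmt), i = 0;
    while (i < len)                 /* bounded here so the demo itself is safe */
        i += (fmt[i] == '%') ? 2 : 1;
    return i;
}

/* Hardened scanner: '%' is treated as a two-byte token only when a second
   byte exists. Writes into out (outsz >= 1), returns bytes written. */
size_t render_safe(const char *fmt, char *out, size_t outsz)
{
    size_t n = 0;
    const char *p = fmt;
    while (*p && n + 2 < outsz) {   /* room for two bytes plus the NUL */
        if (*p == '%' && p[1]) {
            out[n++] = '%';         /* "%%" collapses to a single '%' */
            if (p[1] != '%')
                out[n++] = p[1];    /* unknown token: echo it unchanged */
            p += 2;
        } else {
            out[n++] = *p++;        /* literal, including a lone trailing '%' */
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    const char *samples[] = { "code:%%", "done%", "%x%" };  /* constructed */
    char buf[64];
    for (size_t k = 0; k < 3; k++) {
        size_t end = flawed_stride_end(samples[k]);
        render_safe(samples[k], buf, sizeof buf);
        printf("%-8s flawed cursor=%zu len=%zu safe=\"%s\"\n",
               samples[k], end, strlen(samples[k]), buf);
    }
    return 0;
}
```

A flawed cursor value larger than the string length marks the inputs that would over-read; only formats ending in an unpaired '%' produce it.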

As always, if you like the work I'm doing, you can show your support through Patreon, PayPal or via Bitcoin: 1LcCefcdue8XTMj3zXjkXgCJk6S71kAtah. Thank you!

Geeknik Labs
