Wind River Support Network

HomeDefectsLIN6-8748

Fixed

LIN6-8748 : Security Advisory - curl - CVE-2014-3707

Created: Nov 16, 2014 Updated: Dec 3, 2018

Resolved Date: Dec 3, 2014

Found In Version: 6.0.0.13

Fix Version: 6.0.0.15

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3707

Other Downloads

Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38