Wind River Support Network

HomeDefectsLIN7-1751

Fixed

LIN7-1751 : Security Advisory - curl - CVE-2014-3707

Created: Nov 16, 2014 Updated: Sep 8, 2018

Resolved Date: Aug 4, 2015

Found In Version: 7.0.0.7

Fix Version: 7.0.0.9

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3707

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2014-3707