CURL-CVE-2017-1000099

See a problem?
Source
https://curl.se/docs/CVE-2017-1000099.html
Import Source
https://curl.se/docs/CURL-CVE-2017-1000099.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2017-1000099
Aliases
Published
2017-08-09T08:00:00Z
Modified
2024-01-16T03:42:45.405362Z
Summary
FILE buffer read out of bounds
Details

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers.

The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed.

The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.

References
Credits
    • Even Rouault - FINDER
    • Even Rouault - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.54.1
Fixed
7.55.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
7c312f84ea930d89c0f0f774b50032c4f9ae30e4
Fixed
c9332fa5e84f24da300b42b1a931ade929d3e27d

Affected versions

7.*

7.54.1