CURL-CVE-2017-1000099

Source
https://curl.se/docs/CVE-2017-1000099.html
Import Source
https://curl.se/docs/CURL-CVE-2017-1000099.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2017-1000099
Aliases
Published
2017-08-09T08:00:00Z
Modified
2024-01-16T03:42:45.405362Z
Summary
FILE buffer read out of bounds
Details

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers.

The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed.

The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.

References
Credits
    • Even Rouault - FINDER
    • Even Rouault - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.54.1
Fixed
7.55.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.54.1