PT-2017-10804 · Curl+1 · Libcurl+1
Even Rouault
Published 2017-08-09 · Updated 2026-05-18
CVE-2017-1000099
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libcurl (affected versions not specified)
Description
The issue arises when libcurl is used to retrieve a file from a file:// URL and attempts to provide meta-data about the file using HTTP-like headers. The code sends the wrong buffer to the user, whether that is stdout or the application's provided callback: an uninitialized memory area allocated on the heap. If this buffer does not contain any zero byte, the code continues to output the data following that buffer in memory, potentially disclosing other private data from the heap.
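As an added illustration of the bug pattern the description gives (this is not libcurl's code; the callback signature, the header text and the "length 0 means strlen()" convention are assumptions), the buggy hand-off is shown beside a hardened one that passes the formatted buffer together with its exact length:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added illustration, not libcurl's code. The write callback signature and the
 * header text are assumptions; the bug pattern is the one the advisory describes. */
typedef size_t (*write_cb)(const char *data, size_t len, void *userp);
/* Test sink: records exactly the bytes the callback was given. */
struct sink { char out[256]; size_t used; };

static size_t sink_cb(const char *data, size_t len, void *userp) {
    struct sink *s = userp;
    if (len > sizeof s->out - 1 - s->used) return 0;   /* refuse rather than truncate */
    memcpy(s->out + s->used, data, len);
    s->used += len;
    s->out[s->used] = '\0';
    return len;
}

/* Hand-off convention assumed here: len == 0 means "use strlen() on buf". */
static size_t client_write(write_cb cb, void *userp, const char *buf, size_t len) {
    if (len == 0) len = strlen(buf);
    return cb(buf, len, userp);
}

/* Bug pattern: meta-data is formatted into `hdr`, but the uninitialized heap buffer
 * `scratch` is handed over with len 0, so the read runs to the first zero byte,
 * wherever that is. Shown for contrast only; never called. */
void emit_file_headers_buggy(long long size, write_cb cb, void *userp) {
    char hdr[128];
    char *scratch = malloc(128);
    if (!scratch) return;
    snprintf(hdr, sizeof hdr, "Content-Length: %lld\r\n", size);
    client_write(cb, userp, scratch, 0);   /* wrong buffer, unbounded length */
    free(scratch);
}

/* Hardened: the buffer that was formatted and its exact length travel together. */
int emit_file_headers(long long size, write_cb cb, void *userp) {
    char hdr[128];
    int n = snprintf(hdr, sizeof hdr, "Content-Length: %lld\r\nAccept-ranges: bytes\r\n", size);
    if (n < 0 || (size_t)n >= sizeof hdr) return -1;
    return client_write(cb, userp, hdr, (size_t)n) == (size_t)n ? 0 : -1;
}

int main(void) {
    struct sink s = { {0}, 0 };
    if (emit_file_headers(1234, sink_cb, &s) != 0) return 1;
    fputs(s.out, stdout);
    return 0;
}
```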
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Related identifiers
Affected products
Alt Linux
Libcurl