PT-2017-17715 · Curl+3 · Curl+3

Brian Carpenter

Publicado

2017-04-03

Atualizado

2026-05-18

CVE-2017-7407

CVSS v3.1

2.4

Baixa

Vetor

AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions curl version 7.53.1

Description The issue is related to the ourWriteOut function in tool writeout.c, which might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character. This leads to a heap-based buffer over-read. The curl security team notes that the memory this would output comes from the process the user itself invokes and that runs with the same privileges as the user, posing minimal risk. The flaw only exists in the command line tool.

Recommendations For curl version 7.53.1, consider avoiding the use of the --write-out argument ending in a '%' character until a patch is available. As a temporary workaround, restrict the use of the --write-out option to minimize the risk of exploitation.

Correção

Buffer Over-read

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-126CWE-119

Identificadores relacionados

ALT-PU-2017-1492

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2017-7407

DLA-883-1

MGASA-2018-0053

RHSA-2018:3558

SUSE-SU-2017:1042-1

SUSE-SU-2017:1043-1

SUSE-SU-2017:1117-1

SUSE-SU-2017:2312-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3441-1

USN-3441-2

Produtos afetados

Alt Linux

Suse

Ubuntu

Curl

PT-2017-17715 · Curl+3 · Curl+3

CVE-2017-7407

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 313