PT-2014-5462 · Curl · Libcurl

Symeon Paraschoudis · Published 2014-11-05 · Updated 2018-10-30 · CVE-2014-3707

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

libcurl versions 7.17.1 through 7.38.0

Description

The issue arises when the CURLOPT_COPYPOSTFIELDS option is used for HTTP POST transfers with libcurl. This option specifies a memory area holding the data to send to the remote server. However, the curl_easy_duphandle() function does not properly copy this data for an easy handle, leading to an out-of-bounds read. This can allow remote web servers to read sensitive memory information.

The problem occurs because the internal libcurl function that duplicates options from the old handle to the new one mistakenly treats the post data buffer as a C string and uses strdup() to duplicate it. The resulting copy can be too small or too large, or the call can crash by reading an inaccessible memory area. Furthermore, the pointer that libcurl reads from when sending the data is not updated after the handle data is duplicated, so libcurl still reads from the original handle's buffer, which could have been freed or reused.
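
The two defects named in the description, sketched as an added example (not libcurl's source and not code from this advisory). `struct handle`, `dup_flawed`, `dup_fixed` and `valid_bytes_flawed` are hypothetical names, and the POST body is a constructed sample with an embedded NUL byte.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an easy handle that owns a copy of its POST body.
   These are not libcurl's real structures or function names. */
struct handle {
    unsigned char *copy;            /* owned copy of the POST data    */
    size_t size;                    /* declared body length in bytes  */
    const unsigned char *send_from; /* pointer read when transmitting */
};

/* Defect pattern: the body is measured like a C string (what strdup() does)
   and the send pointer is carried over from the source handle. */
int dup_flawed(struct handle *dst, const struct handle *src) {
    size_t n = strlen((const char *)src->copy);  /* stops at first NUL */
    if (!(dst->copy = malloc(n + 1))) return -1;
    memcpy(dst->copy, src->copy, n + 1);
    dst->size = src->size;            /* still claims the full length  */
    dst->send_from = src->send_from;  /* stale: points into src's copy */
    return 0;
}

/* Corrected pattern: copy exactly `size` bytes and repoint the send
   pointer at the duplicate's own buffer. */
int dup_fixed(struct handle *dst, const struct handle *src) {
    if (!(dst->copy = malloc(src->size ? src->size : 1))) return -1;
    memcpy(dst->copy, src->copy, src->size);
    dst->size = src->size;
    dst->send_from = dst->copy;
    return 0;
}

/* Constructed sample: binary POST body with an embedded NUL byte. */
static unsigned char sample_body[] = { 'i','d','=','1','\0','A','B','C' };

/* Returns how many body bytes the flawed duplicate actually holds. */
size_t valid_bytes_flawed(void) {
    struct handle src = { sample_body, sizeof sample_body, sample_body }, d;
    if (dup_flawed(&d, &src)) return 0;
    size_t n = strlen((const char *)d.copy);
    free(d.copy);
    return n;
}

int main(void) {
    printf("flawed copy: %zu of %zu bytes\n", valid_bytes_flawed(), sizeof sample_body);
    return 0;
}
```

The flawed duplicate keeps the full declared size while holding only the bytes before the first NUL, and its send pointer still refers to the source handle's buffer. These are the two conditions the description ties to the out-of-bounds read.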

Recommendations

For libcurl versions 7.17.1 through 7.38.0, consider disabling the curl_easy_duphandle() function until a patch is available to prevent potential exploitation. Restrict access to the CURLOPT_COPYPOSTFIELDS option to minimize the risk of sensitive data being sent unintentionally. Avoid using the CURLOPT_COPYPOSTFIELDS option for HTTP POST transfers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2327
CESA-2015_1254
CESA-2015_2159
CVE-2014-3707
DLA-84-1
DSA-3069-1
MGASA-2014-0444
RHSA-2015:1254
RHSA-2015:2159
RHSA-2015_1254
RHSA-2015_2159
SUSE-SU-2015_0083-1
USN-2399-1

Affected Products

ALT Linux
CentOS
Junos
Red Hat
SUSE
Ubuntu
Libcurl