#VU7882 Out-of-bounds read in libcurl and cURL - CVE-2017-1000099


Vulnerability identifier: #VU7882

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-1000099

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
libcurl
Universal components / Libraries / Libraries used by multiple products
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description
The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to out-of bounds read. A local attacker can load a specially crafted 'file://' URL to cause the curl application to return data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation
Update to version 7.55.0.

Vulnerable software versions

libcurl: 7.10.6 - 7.54.0

cURL: 7.1 - 7.53.0

External links
https://curl.haxx.se/docs/adv_20170809C.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Arch Linux update for lib32-curl
Arch Linux update for lib32-libcurl-gnutls
Arch Linux update for libcurl-gnutls
Arch Linux update for lib32-libcurl-compat
Arch Linux update for libcurl-compat
Gentoo update for cURL
Amazon Linux AMI update for curl
Arch Linux update for curl
Out-of-bounds read in curl (Alpine package)
Information disclosure in cURL