{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-13T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", "refsource": "MISC", "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"}, {"name": "RHSA-2018:3558", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-14"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.297Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7407", "datePublished": "2017-04-03T20:00:00", "dateReserved": "2017-04-03T00:00:00", "dateUpdated": "2024-08-05T16:04:11.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*", "matchCriteriaId": "641ACFC8-BDE2-42AC-8B3D-EF78695AD750", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read."}, {"lang": "es", "value": "La funci\u00f3n ourWriteOut en tool_writeout.c en curl 7.53.1 podr\u00eda permitir que los atacantes f\u00edsicamente pr\u00f3ximos obtengan informaci\u00f3n sensible de la memoria del proceso en circunstancias oportunistas leyendo una pantalla de la estaci\u00f3n de trabajo durante el uso de un argumento --write-out que termina en un car\u00e1cter '%', lo que conduce a desbordamiento de b\u00fafer basado en memoria din\u00e1mica."}], "id": "CVE-2017-7407", "lastModified": "2024-11-21T03:31:50.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-03T20:59:00.247", "references": [{"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201709-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201709-14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-curl-0:7.61.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}], "bugzilla": {"description": "curl: --write-out out of bounds read", "id": "1439190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439190"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.4", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-125", "details": ["The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read."], "name": "CVE-2017-7407", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:1.0", "fix_state": "Not affected", "package_name": "rh-dotnetcore10-curl", "product_name": ".NET Core 1.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:1.1", "fix_state": "Not affected", "package_name": "rh-dotnetcore11-curl", "product_name": ".NET Core 1.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.0", "fix_state": "Not affected", "package_name": "rh-dotnet20-curl", "product_name": ".NET Core 2.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Will not fix", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Will not fix", "package_name": "curl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2017-04-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7407\nhttps://curl.haxx.se/docs/adv_20170403.html"], "statement": "This flaw did not affect Red Hat Enterprise Linux 8 and Red Hat Software Collections 3, as they already included the fixed version of the `curl` package.", "threat_severity": "Low", "upstream_fix": "curl 7.54.0"}