CVE-2017-1000099 Information

Description

When asking to get a file from a file:// URL libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application’s provide callback) which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte it would continue and display the data following that buffer in memory.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/100281 http://www.securitytracker.com/id/1039119 https://curl.haxx.se/0809C.patch https://curl.haxx.se/0809C.patch https://curl.haxx.se/docs/adv_20170809C.html https://curl.haxx.se/docs/adv_20170809C.html https://security.gentoo.org/glsa/201709-14 When asking to get a file from a file:// URL libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application’s provide callback) which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte it would continue and display the data following that buffer in memory. cpe:2.3:a:haxx:libcurl:7.54.1:::::::*

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5