CVE-2014-3707

Public on 2014-11-15
Modified on 2015-02-11
Description

A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.

Severity
Medium
See what this means
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 curl 2015-02-11 ALAS-2015-477

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.0 AV:N/AC:H/Au:N/C:P/I:N/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N