CVE-2014-3707

Public on 2014-11-15

Modified on 2015-02-11

Description

A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.

Severity

Medium

See what this means

CVSS v3 Base Score

4.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	curl	2015-02-11	ALAS-2015-477

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.0	AV:N/AC:H/Au:N/C:P/I:N/A:P
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:P/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2014-3707 Mitre: CVE-2014-3707