{
  "threat_severity" : "Moderate",
  "public_date" : "2014-11-05T00:00:00Z",
  "bugzilla" : {
    "description" : "curl: incorrect handle duplication after COPYPOSTFIELDS",
    "id" : "1154941",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154941"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "(CWE-125|CWE-416)",
  "details" : [ "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.", "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory." ],
  "statement" : "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.",
  "acknowledgement" : "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Symeon Paraschoudis as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-20T00:00:00Z",
    "advisory" : "RHSA-2015:1254",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "curl-0:7.19.7-46.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2159",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "curl-0:7.29.0-25.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Virtualization 3",
    "fix_state" : "Fix deferred",
    "package_name" : "mingw-virt-viewer",
    "cpe" : "cpe:/a:redhat:enterprise_linux:7::hypervisor"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3707\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3707\nhttp://curl.haxx.se/docs/adv_20141105.html" ],
  "name" : "CVE-2014-3707",
  "csaw" : false
}