[3.7] curl: Multiple vulnerabilities (CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101)ID: oval:org.secpod.oval:def:1800233 | Date: (C)2018-03-29 (M)2022-02-07 |
Class: PATCH | Family: unix |
CVE-2017-1000099: FILE buffer read out of bounds¶ When asking to get a file from a file:// URL, libcurl provides a feature thatoutputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user , which could lead to other private data from the heap to get inadvertently displayed. Affected versions: libcurl 7.54.1 Not affected versions: libcurl = 7.55.0
Platform: |
Alpine Linux 3.7 |