CVE-2017-7407

Public on 2017-06-22
Modified on 2017-06-22
Description
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
Severity
Low
CVSS v3 Base Score
2.4
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 curl 2017-06-22 19:24 ALAS-2017-850

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N