vulnerability

FreeBSD: VID-04f29189-1a05-11e7-bc6e-b499baebfeaf (CVE-2017-7407): cURL -- potential memory disclosure

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Apr 5, 2017	Apr 10, 2017	Dec 10, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Apr 5, 2017

Added

Apr 10, 2017

Modified

Dec 10, 2025

Description

The cURL project reports: There were two bugs in curl's parser for the command line option --write-out (or -w for short) that would skip the end of string zero byte if the string ended in a % (percent) or \ (backslash), and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the target file etc.. This flaw only exists in the command line tool. We are not aware of any exploit of this flaw.

Solution

freebsd-upgrade-package-curl

References

CVE-2017-7407
https://attackerkb.com/topics/CVE-2017-7407
CWE-119

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today