The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a โ%โ character, which leads to a heap-based buffer over-read.
CPE | Name | Operator | Version |
---|---|---|---|
curl | eq | 7.28.0-r0 | |
curl | eq | 7.21.1-r0 | |
curl | eq | curl-7_19_6 | |
curl | eq | before_urldata_rename | |
curl | eq | 7.47.0-r0 | |
curl | eq | 7.49.1-r2 | |
curl | eq | curl-7_9_7 | |
curl | eq | 7.28.1-r0 | |
curl | eq | curl-7_16_0 | |
curl | eq | curl-7_45_0 |