DEBIAN-CVE-2017-7407

DEBIAN-CVE-2017-7407 PUBLISHED CVSS 2.4000000953674316 LOW

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Risk Scores

CVSS v3.0

2.4000000953674316

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	curl	0, 0, 0
Debian:13	curl	0, 0, 0
Debian:14	curl	0, 0, 0
Debian:12	curl	0, 0, 0

Timeline

Apr 3, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-7407 advisory

Open in Interactive Console →