2.4 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.4%
Package : curl
Version : 7.26.0-1+wheezy18+deb7u1
CVE ID : CVE-2017-7407
It was discovered that there was a buffer read overrun vulnerability in curl,
a tool for downloading files from the internet, etc.
If a "%" ended the --write-out parameter, the string's trailing NUL would be
skipped and memory past the end of the buffer could be accessed and potentially
displayed as part of the output.
For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy18+deb7u1.
We recommend that you upgrade your curl packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | libcurl3-dbg | <ย 7.26.0-1+wheezy19 | libcurl3-dbg_7.26.0-1+wheezy19_armel.deb |
Debian | 7 | armel | libcurl3 | <ย 7.26.0-1+wheezy19 | libcurl3_7.26.0-1+wheezy19_armel.deb |
Debian | 7 | armhf | libcurl3-gnutls | <ย 7.26.0-1+wheezy19 | libcurl3-gnutls_7.26.0-1+wheezy19_armhf.deb |
Debian | 7 | armel | libcurl3-nss | <ย 7.26.0-1+wheezy19 | libcurl3-nss_7.26.0-1+wheezy19_armel.deb |
Debian | 7 | i386 | libcurl4-gnutls-dev | <ย 7.26.0-1+wheezy19 | libcurl4-gnutls-dev_7.26.0-1+wheezy19_i386.deb |
Debian | 7 | amd64 | curl | <ย 7.26.0-1+wheezy19 | curl_7.26.0-1+wheezy19_amd64.deb |
Debian | 7 | armhf | libcurl4-openssl-dev | <ย 7.26.0-1+wheezy19 | libcurl4-openssl-dev_7.26.0-1+wheezy19_armhf.deb |
Debian | 7 | i386 | libcurl3-nss | <ย 7.26.0-1+wheezy19 | libcurl3-nss_7.26.0-1+wheezy19_i386.deb |
Debian | 7 | amd64 | libcurl3 | <ย 7.26.0-1+wheezy19 | libcurl3_7.26.0-1+wheezy19_amd64.deb |
Debian | 7 | amd64 | libcurl4-openssl-dev | <ย 7.26.0-1+wheezy19 | libcurl4-openssl-dev_7.26.0-1+wheezy19_amd64.deb |
2.4 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.4%