The ourWriteOut function in tool_writeout.c in curl might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

External References:
https://curl.haxx.se/docs/adv_20170403.html

Upstream patches:
https://github.com/curl/curl/commit/1890d59905414ab84a
https://github.com/curl/curl/commit/8e65877870c1
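The bug class described above, shown as an added example rather than curl's own code: a simplified --write-out style expander whose unhardened path reproduces the pattern (step past '%' and inspect the next byte without first checking for the string terminator) beside a hardened path that emits a trailing '%' literally and stops. The variable table (only `http_code`), the format grammar, the constructed sample buffer and all function names are assumptions made for this illustration; curl's tool_writeout.c and the upstream patches differ in detail. The over-read is kept inside a buffer the program owns so the demonstration is deterministic; in a real process the same loop would walk into adjacent heap memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append one byte to out[], counting every byte but never writing past
 * outlen - 1 so there is always room for a terminator. */
static void put(char *out, size_t outlen, size_t *n, char c) {
    if (*n + 1 < outlen)
        out[*n] = c;
    (*n)++;
}

/* Stand-in for curl's --write-out variable table (assumption: one name only). */
static const char *lookup(const char *name, size_t len) {
    if (len == 9 && memcmp(name, "http_code", 9) == 0)
        return "200";
    return NULL;
}

/* Expand a --write-out style format: "%%" -> '%', "%{name}" -> value.
 * hardened == 0 reproduces the bug pattern: after a '%' the parser steps to
 * the next byte without checking whether that byte is the terminator, so a
 * format ending in '%' walks past the NUL and copies whatever follows it. */
static size_t writeout(const char *fmt, char *out, size_t outlen, int hardened) {
    size_t n = 0;
    const char *p = fmt;
    while (*p) {
        if (*p == '%') {
            if (hardened && p[1] == '\0') {
                /* FIX: a lone trailing '%' is emitted literally; parsing stops. */
                put(out, outlen, &n, '%');
                p++;
                continue;
            }
            p++;                               /* BUG (unhardened): may now sit on the NUL */
            if (*p == '%') {
                put(out, outlen, &n, '%');
            } else if (*p == '{') {
                const char *end = strchr(p + 1, '}');
                const char *val = end ? lookup(p + 1, (size_t)(end - p - 1)) : NULL;
                if (val) {
                    while (*val)
                        put(out, outlen, &n, *val++);
                    p = end;
                } else {
                    put(out, outlen, &n, '%');
                    put(out, outlen, &n, '{');
                }
            } else {
                put(out, outlen, &n, '%');
                put(out, outlen, &n, *p);      /* copies the NUL itself when *p == 0 */
            }
        } else {
            put(out, outlen, &n, *p);
        }
        p++;                                   /* from the NUL this steps out of the string */
    }
    out[n < outlen ? n : outlen - 1] = '\0';
    return n;
}

size_t writeout_vuln(const char *fmt, char *out, size_t outlen)  { return writeout(fmt, out, outlen, 0); }
size_t writeout_fixed(const char *fmt, char *out, size_t outlen) { return writeout(fmt, out, outlen, 1); }

/* Constructed input: the format "abc%" followed by its NUL and then bytes that
 * a correct parser must never read. Same allocation, so the over-read is
 * deterministic here instead of touching unrelated heap data. */
char *make_sample(void) {
    static const char payload[] = "abc%\0SECRET";   /* 12 bytes including final NUL */
    char *buf = malloc(sizeof payload);
    if (buf)
        memcpy(buf, payload, sizeof payload);
    return buf;
}

/* 1 if the unhardened parser copied the bytes beyond the terminator. */
int vuln_leaks_past_terminator(void) {
    char out[64];
    char *fmt = make_sample();
    if (!fmt)
        return 0;
    size_t n = writeout_vuln(fmt, out, sizeof out);
    int leaked = (n == 11 && memcmp(out + 5, "SECRET", 6) == 0);
    free(fmt);
    return leaked;
}

/* 1 if the hardened parser stops at "abc%" and reads nothing past the NUL. */
int fixed_stops_at_terminator(void) {
    char out[64];
    char *fmt = make_sample();
    if (!fmt)
        return 0;
    size_t n = writeout_fixed(fmt, out, sizeof out);
    int ok = (n == 4 && strcmp(out, "abc%") == 0);
    free(fmt);
    return ok;
}

/* 1 if the hardened parser expands fmt to exactly expect. */
int expands_to(const char *fmt, const char *expect) {
    char out[64];
    writeout_fixed(fmt, out, sizeof out);
    return strcmp(out, expect) == 0;
}

int main(void) {
    printf("vulnerable parser leaks past NUL: %d\n", vuln_leaks_past_terminator());
    printf("hardened parser stops at NUL:     %d\n", fixed_stops_at_terminator());
    return 0;
}
```

The check that matters is the one on `p[1]` before advancing: every branch that consumes the byte after '%' must first establish that such a byte exists. Compiling the unhardened variant with AddressSanitizer against a format string placed at the end of a heap allocation is the quickest way to confirm the over-read on a real build.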
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 1439191]

Created mingw-curl tracking bugs for this issue:
Affects: epel-7 [bug 1439193]
Affects: fedora-all [bug 1439192]
This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558
Statement: This flaw did not affect Red Hat Enterprise Linux 8 and Red Hat Software Collections 3, as they already included the fixed version of the `curl` package.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-7407