The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
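The over-read described above, shown as an added illustration that is not curl's source and not part of the original advisory: a format scanner that consumes two bytes for every '%' steps past the terminator when '%' is the last character, and a variant that first checks that a byte follows. The `expand` helper and the `HEAP_SIM` buffer are hypothetical names; the buffer is constructed so that the bytes after the terminator stay inside one array.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a format ending in '%', its NUL terminator, then bytes
   standing in for unrelated data that happens to follow it on the heap. */
static const char HEAP_SIM[] = "status%\0SECRET-TOKEN";

/* Hypothetical helper, not curl's ourWriteOut: copies fmt to out, handling
   only "%%" and echoing any other "%x" pair. hardened=0 is the unchecked
   pattern; hardened=1 treats '%' as an escape only if a byte follows it. */
static size_t expand(const char *fmt, char *out, size_t cap, int hardened)
{
    const char *p = fmt;
    size_t n = 0;

    while (*p && n + 2 <= cap) {
        if (*p == '%' && (!hardened || p[1] != '\0')) {
            out[n++] = '%';
            if (p[1] != '%')
                out[n++] = p[1];  /* trailing '%': this is the terminator */
            p += 2;               /* trailing '%': now past the terminator */
        } else {
            out[n++] = *p++;      /* ordinary byte, or a lone final '%' */
        }
    }
    return n;
}

int main(void)
{
    char out[64];
    size_t n = expand(HEAP_SIM, out, sizeof out, 0);
    printf("unchecked: %zu bytes, tail \"%.*s\"\n", n, (int)(n - 8), out + 8);
    n = expand(HEAP_SIM, out, sizeof out, 1);
    printf("hardened:  %zu bytes, \"%.*s\"\n", n, (int)n, out);
    return 0;
}
```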

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
|---|---|---|
| precise/esm | curl | 7.22.0-3ubuntu4.18 |
| trusty | curl | 7.35.0-1ubuntu2.11 |
| upstream | curl | 7.54.0,7.52.1-4 |
| xenial | curl | 7.47.0-1ubuntu2.3 |
| zesty | curl | 7.52.1-4ubuntu1.2 |


| Release | Package | Reason |
|---|---|---|
| precise | curl | ignored |
| vivid/stable-phone-overlay | curl | ignored |
| vivid/ubuntu-core | curl | ignored |
| yakkety | curl | ignored |
| artful | curl | not-affected |
| devel | curl | not-affected |