CVE-2012-0036

Priority
Medium
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.
References
Notes
 mdeslaur> curl 7.20.0 to and including 7.23.1 only
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.24.0)
More Information

Updated: 2017-08-11 23:48:43 UTC (commit 13081)