CVE-2012-0036

Priority
Medium
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.
References
Notes
mdeslaur> curl 7.20.0 to and including 7.23.1 only
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.24.0)
Ubuntu 12.04 LTS (Precise Pangolin):released (7.22.0-3ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-15 19:39:05 UTC (commit 9690)