CVE-2012-0036
Priority
Medium
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.
References
Notes
mdeslaur> curl 7.20.0 to and including 7.23.1 only
Assigned-to
mdeslaur
Package
| Upstream: | released (7.24.0) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected (7.18.0-1ubuntu2.3) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (7.19.7-1ubuntu1.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (7.21.3-1ubuntu1.5) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (7.21.6-3ubuntu3.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (7.22.0-3ubuntu2) |