CVE-2014-8150
Priority
Medium
Description
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when
using an HTTP proxy, allows remote attackers to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks via CRLF sequences in a
URL.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150
http://curl.haxx.se/docs/adv_20150108B.html
https://usn.ubuntu.com/usn/usn-2474-1
Assigned-to
mdeslaur
Package
Source: curl (LP, Ubuntu, Debian)
Upstream: released (7.38.0-4)
Ubuntu 14.04 LTS (Trusty Tahr): released (7.35.0-1ubuntu2.3)
Patches:
Upstream: http://curl.haxx.se/CVE-2014-8150.patch
Upstream: https://github.com/bagder/curl/commit/178bd7db34f77e020fb8562890c5625ccbd67093
Upstream: https://github.com/bagder/curl/commit/3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd
Updated: 2017-12-15 20:33:52 UTC (commit 13913)