CVE-2014-8150

Priority
Description
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when
using an HTTP proxy, allows remote attackers to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks via CRLF sequences in a
URL.
Assigned-to
mdeslaur
Notes
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.38.0-4)
Ubuntu 14.04 ESM (Trusty Tahr):released (7.35.0-1ubuntu2.3)
Patches:
Upstream:http://curl.haxx.se/CVE-2014-8150.patch
Upstream:https://github.com/bagder/curl/commit/178bd7db34f77e020fb8562890c5625ccbd67093
Upstream:https://github.com/bagder/curl/commit/3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd
More Information

Updated: 2019-12-05 18:38:31 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)