Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2012-0036

UNKNOWN
Published 2012-04-13T20:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2012-0036. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-xxw5-p895-cp2c

Advisory Details

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

CVSS Scoring

CVSS Score

7.5

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-0036
WEB https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
WEB https://bugzilla.redhat.com/show_bug.cgi?id=773457
WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
WEB http://curl.haxx.se/curl-url-sanitize.patch
WEB http://curl.haxx.se/docs/adv_20120124.html
WEB http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
WEB http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
WEB http://secunia.com/advisories/48256
WEB http://security.gentoo.org/glsa/glsa-201203-02.xml
WEB http://support.apple.com/kb/HT5281
WEB http://www.debian.org/security/2012/dsa-2398
WEB http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
WEB http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
WEB http://www.securityfocus.com/bid/51665
WEB http://www.securitytracker.com/id/1032924

Advisory provided by GitHub Security Advisory Database. Published: May 4, 2022, Modified: May 4, 2022

References

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
http://www.securitytracker.com/id/1032924
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://www.securityfocus.com/bid/51665
http://secunia.com/advisories/48256
http://curl.haxx.se/docs/adv_20120124.html
http://curl.haxx.se/curl-url-sanitize.patch
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://bugzilla.redhat.com/show_bug.cgi?id=773457
http://support.apple.com/kb/HT5281
https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

HackerOne Reports

curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection None
mdakh404
curl
CRLF Injection
View Report
Published: 2012-04-13T20:00:00
Last Modified: 2024-08-06T18:09:17.303Z
Copied to clipboard!