Security Advisory

CVE-2012-0036

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-04-13 20:00:00

Last updated 2024-08-06 18:09:17

Assigner redhat

State PUBLISHED

Description

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

← Browse all CVEs View on cve.org ↗