Launchpad CVE tracker

CVE 2012-0036

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Related bugs and status

CVE-2012-0036 (Candidate) is related to these bugs:

Bug #1003049: Merge curl 7.25.0-1 (main) from debian testing (main)

Summary				In	Importance	Status
	1003049	Merge curl 7.25.0-1 (main) from debian testing (main)		curl (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: http://security.gentoo...
MISC: http://h20000.www2.hp....
MISC: http://www.mandriva.co...
MISC: http://curl.haxx.se/cu...
MISC: http://curl.haxx.se/do...
MISC: http://support.apple.c...
MISC: http://www.oracle.com/...
MISC: https://bugzilla.redha...
MISC: https://github.com/bag...
MISC: https://h20566.www2.hp...

Launchpad.net

CVE 2012-0036

Related bugs and status

Related bugs

References