Описание
CURL before 7.68.0 lacks proper input validation, which allows users to create a FILE: URL that can make the client access a remote file using SMB (Windows-only issue).
CURL before 7.68.0 lacks proper input validation, which allows users to create a FILE: URL that can make the client access a remote file using SMB (Windows-only issue).
CVE ID
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
[REJECTED CVE] A vulnerability has been identified in libcurl, where a FILE:// URL crafted with two slashes (or backslashes) followed by a hostname can cause Windows systems to treat the path as an SMB request instead of accessing a local file. This unintended behavior may allow an attacker to redirect file access requests to a malicious SMB server. Applications that allow user-provided URLs or URL parts are particularly vulnerable, potentially exposing sensitive data or enabling unauthorized network interactions.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none