Описание
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.22.0-3ubuntu2 |
| hardy | not-affected | 7.18.0-1ubuntu2.3 |
| lucid | not-affected | 7.19.7-1ubuntu1.1 |
| maverick | released | 7.21.0-1ubuntu1.3 |
| natty | released | 7.21.3-1ubuntu1.5 |
| oneiric | released | 7.21.6-3ubuntu3.2 |
| upstream | released | 7.24.0 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
curl and libcurl 7.2x before 7.24.0 do not properly consider special c ...
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.5 High
CVSS2