Lucene search

[email protected]CVE-2012-0036

HistoryApr 13, 2012 - 8:55 p.m.

CVE-2012-0036

2012-04-1320:55:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-0036

data-injection

remote attack

curl

libcurl

url

crlf injection

imap

pop3

smtp

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Affected configurations

NVD

Node

curlcurlMatch7.20.0

curlcurlMatch7.20.1

curlcurlMatch7.21.0

curlcurlMatch7.21.1

curlcurlMatch7.21.2

curlcurlMatch7.21.3

curlcurlMatch7.21.4

curlcurlMatch7.21.5

curlcurlMatch7.21.6

curlcurlMatch7.21.7

curlcurlMatch7.22.0

curlcurlMatch7.23.0

curlcurlMatch7.23.1

Node

curllibcurlMatch7.20.0

curllibcurlMatch7.20.1

curllibcurlMatch7.21.0

curllibcurlMatch7.21.1

curllibcurlMatch7.21.2

curllibcurlMatch7.21.3

curllibcurlMatch7.21.4

curllibcurlMatch7.21.5

curllibcurlMatch7.21.6

curllibcurlMatch7.21.7

curllibcurlMatch7.22.0

curllibcurlMatch7.23.0

curllibcurlMatch7.23.1

CPENameOperatorVersion
curl:curlcurleq7.20.0
curl:curlcurleq7.20.1
curl:curlcurleq7.21.0
curl:curlcurleq7.21.1
curl:curlcurleq7.21.2
curl:curlcurleq7.21.3
curl:curlcurleq7.21.4
curl:curlcurleq7.21.5
curl:curlcurleq7.21.6
curl:curlcurleq7.21.7

CPE	Name	Operator	Version
curl:curl	curl	eq	7.20.0
curl:curl	curl	eq	7.20.1
curl:curl	curl	eq	7.21.0
curl:curl	curl	eq	7.21.1
curl:curl	curl	eq	7.21.2
curl:curl	curl	eq	7.21.3
curl:curl	curl	eq	7.21.4
curl:curl	curl	eq	7.21.5
curl:curl	curl	eq	7.21.6
curl:curl	curl	eq	7.21.7