Descriptioncurl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SU-2012:0143-1, published Fri Feb 3 15:08:39 MST 2012
- openSUSE-SU-2012:0229-1, published Thu, 9 Feb 2012 19:10:39 +0100 (CET)
SUSE Timeline for this CVECVE page created: Fri Jun 28 08:25:30 2013
CVE page last modified: Sat May 13 11:19:50 2023