Descriptioncurl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SU-2012:0143-1, published Fri Feb 3 15:08:39 MST 2012
- openSUSE-SU-2012:0229-1, published Thu, 9 Feb 2012 19:10:39 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.4|| |
|openSUSE 11.4|| ||Patchnames:
Status of this issue by product and package
|SUSE Linux Enterprise Desktop 10 SP3||curl||Released|
|SUSE Linux Enterprise Desktop 10 SP4||curl||Released|
|SUSE Linux Enterprise Server 10 SP3||curl||Released|
|SUSE Linux Enterprise Server 10 SP4||curl||Released|
|SUSE Linux Enterprise Server 10 SP4 LTSS||curl||Released|