Google OSV: DLA-134-1
Jan 15, 2015 - 12:00 a.m.

curl - security update

Source: Google, osv.dev

EPSS: 0.006 (percentile: 78.0%)

Andrey Labunets of Facebook discovered that cURL, a URL transfer
library, fails to properly handle URLs with embedded end-of-line
characters. An attacker able to make an application using libcurl
access a specially crafted URL via an HTTP proxy could use this flaw to
issue additional requests in a way that was not intended, or insert
additional request headers into the request.

For Debian 6 Squeeze, these issues have been fixed in curl version 7.21.0-2.1+squeeze11.
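
The following added example (not part of the advisory and not curl's own code) models why an end-of-line character inside a URL changes what an HTTP proxy parses, and shows an application-side check that rejects such URLs before they reach the transfer library. The function names and the simplified request head are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if the URL holds a raw CR or LF. */
int url_has_eol(const char *url)
{
    return strpbrk(url, "\r\n") != NULL;
}

/* Simplified model of the request head a client sends to an HTTP proxy:
 * the absolute URL is copied verbatim into the request line.
 * With check != 0 the URL is validated first.
 * Returns bytes written, or -1 if the URL is rejected or does not fit. */
int build_proxy_request(char *out, size_t n, const char *url,
                        const char *host, int check)
{
    if (check && url_has_eol(url))
        return -1;
    int len = snprintf(out, n, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n", url, host);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* Counts the CRLF-terminated lines before the blank line that ends the
 * head, i.e. what the proxy treats as request line plus header lines. */
int count_head_lines(const char *req)
{
    int lines = 0;
    const char *p = req, *eol;
    while ((eol = strstr(p, "\r\n")) != NULL && eol != p) {
        lines++;
        p = eol + 2;
    }
    return lines;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *ok  = "http://example.com/index.html";
    const char *bad = "http://example.com/\r\nX-Added: 1";
    char buf[512];

    build_proxy_request(buf, sizeof buf, ok, "example.com", 0);
    printf("clean URL, no check:   %d head lines\n", count_head_lines(buf));
    build_proxy_request(buf, sizeof buf, bad, "example.com", 0);
    printf("EOL in URL, no check:  %d head lines\n", count_head_lines(buf));
    printf("EOL in URL, checked:   %d (rejected)\n",
           build_proxy_request(buf, sizeof buf, bad, "example.com", 1));
    return 0;
}
```

Upgrading to the fixed package remains the actual remedy; a check like this is defence in depth for applications that accept URLs from untrusted sources.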