4 matches found
CVE-2009-0037
CVE-2009-0037 affects curl/libcurl 5.11–7.19.3 when CURLOPT_FOLLOWLOCATION is enabled. The redirect code accepts arbitrary Location values, allowing: (1) triggering requests to intranet servers, (2) reading/writing files via file: URLs, and (3) executing commands via scp: URLs. Affected platforms...
CVE-2009-2417
CVE-2009-2417 affects lib/ssluse.c in curl/libcurl 7.4–7.19.5 when OpenSSL is used. The flaw is that a '�' character in the X.509 certificate CN may bypass domain-name checks, enabling MITM spoofing of SSL servers via certificates from a trusted CA. Impact and exploitability are described in the ...
CVE-2010-0734
CVE-2010-0734 affects libcurl 7.10.5–7.19.7 when zlib is enabled. The defect in content_encoding.c allows a remote attacker to send crafted compressed data that bypasses the data-length limit, potentially causing an application crash (DoS) or other impact. Affected releases and the fix are docume...
CVE-2012-0036
CVE-2012-0036 affects curl/libcurl 7.2x prior to 7.24.0. The issue arises from not correctly handling special characters when extracting a URL pathname, enabling data-injection via crafted URLs and enabling CRLF injection in IMAP/POP3/SMTP paths. The CVSS metrics in the record show a Base score o...