7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.7%
curl and libcurl 7.2x before 7.24.0 do not properly consider special
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.
Author | Note |
---|---|
mdeslaur | curl 7.20.0 to and including 7.23.1 only |