Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2012-0036
HistoryJan 24, 2012 - 12:00 a.m.

CVE-2012-0036

2012-01-2400:00:00
ubuntu.com
ubuntu.com
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

curl and libcurl 7.2x before 7.24.0 do not properly consider special
characters during extraction of a pathname from a URL, which allows remote
attackers to conduct data-injection attacks via a crafted URL, as
demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3)
SMTP protocol.

Notes

Author Note
mdeslaur curl 7.20.0 to and including 7.23.1 only
OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchcurl< 7.21.0-1ubuntu1.3UNKNOWN
ubuntu11.04noarchcurl< 7.21.3-1ubuntu1.5UNKNOWN
ubuntu11.10noarchcurl< 7.21.6-3ubuntu3.2UNKNOWN
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

Related for UB:CVE-2012-0036