Vulnerability-Lookup

CVE-2012-0036 (GCVE-0-2012-0036)

Vulnerability from cvelistv5 – Published: 2012-04-13 20:00 – Updated: 2024-08-06 18:09

Summary

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032924	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2012/dsa-2398	vendor-advisoryx_refsource_DEBIAN
	http://security.gentoo.org/glsa/glsa-201203-02.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/51665	vdb-entryx_refsource_BID
	http://secunia.com/advisories/48256	third-party-advisoryx_refsource_SECUNIA
	http://curl.haxx.se/docs/adv_20120124.html	x_refsource_CONFIRM
	http://curl.haxx.se/curl-url-sanitize.patch	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	https://bugzilla.redhat.com/show_bug.cgi?id=773457	x_refsource_CONFIRM
	http://support.apple.com/kb/HT5281	x_refsource_CONFIRM
	https://github.com/bagder/curl/commit/75ca568fa1c…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
          },
          {
            "name": "1032924",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032924"
          },
          {
            "name": "DSA-2398",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2398"
          },
          {
            "name": "GLSA-201203-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "51665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51665"
          },
          {
            "name": "48256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20120124.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/curl-url-sanitize.patch"
          },
          {
            "name": "MDVSA-2012:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
        },
        {
          "name": "1032924",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032924"
        },
        {
          "name": "DSA-2398",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2398"
        },
        {
          "name": "GLSA-201203-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
        },
        {
          "name": "51665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51665"
        },
        {
          "name": "48256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20120124.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/curl-url-sanitize.patch"
        },
        {
          "name": "MDVSA-2012:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0036",
    "datePublished": "2012-04-13T20:00:00.000Z",
    "dateReserved": "2011-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:09:17.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-190

Vulnerability from certfr_avis - Published: 2012-04-05 - Updated: 2012-04-05

Deux vulnérabilités ont été corrigées dans curl. La première concerne une vulnérabilité liée à OpenSSL et l'utilisation de SSL_OP_ALL. La seconde affecte le traitement des URL.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Versions antérieures à 7.21.0-2.1+squeeze2 ;
N/A	N/A	Versions antérieures à 7.24.0-1.
N/A	N/A	Versions antérieures à 7.18.2-8lenny6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Debian dsa-2398 du 31 mars 2012	None	vendor-advisory
Bulletin de sécurité Debian DSA 2398 du 31 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 7.21.0-2.1+squeeze2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 7.24.0-1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 7.18.2-8lenny6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    }
  ],
  "initial_release_date": "2012-04-05T00:00:00",
  "last_revision_date": "2012-04-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2398 du 31 mars 2012 :",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    }
  ],
  "reference": "CERTA-2012-AVI-190",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ecurl\u003c/span\u003e. La premi\u00e8re concerne une vuln\u00e9rabilit\u00e9 li\u00e9e\n\u00e0 \u003cspan class=\"textit\"\u003eOpenSSL\u003c/span\u003e et l\u0027utilisation de \u003cspan\nclass=\"textit\"\u003eSSL_OP_ALL\u003c/span\u003e. La seconde affecte le traitement des\n\u003cspan class=\"textit\"\u003eURL\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans curl",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-2398 du 31 mars 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-272

Vulnerability from certfr_avis - Published: 2012-05-10 - Updated: 2012-05-10

Trente-six vulnérabilités ont été corrigées dans OS X Lion. Il est possible d'exécuter du code arbitraire à distance, d'exécuter du code en local, d'obtenir des données sensibles et d'élever ses privilèges. De nombreuses applications et fonctions sont touchées, toutes sont décrites dans le bulletin Apple référencé dans la section « Documentation ».

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Lion v10.7.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5281 du 09 mai 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Lion v10.7.4.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
    },
    {
      "name": "CVE-2012-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0675"
    },
    {
      "name": "CVE-2012-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0649"
    },
    {
      "name": "CVE-2012-0661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0661"
    },
    {
      "name": "CVE-2012-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0658"
    },
    {
      "name": "CVE-2011-4815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4815"
    },
    {
      "name": "CVE-2011-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2011-3328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3328"
    },
    {
      "name": "CVE-2012-0659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0659"
    },
    {
      "name": "CVE-2011-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
    },
    {
      "name": "CVE-2012-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0657"
    },
    {
      "name": "CVE-2012-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0652"
    },
    {
      "name": "CVE-2011-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1778"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2012-0660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0660"
    },
    {
      "name": "CVE-2011-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1005"
    },
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2012-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0662"
    },
    {
      "name": "CVE-2012-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0655"
    },
    {
      "name": "CVE-2012-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0642"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2011-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1777"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2012-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0651"
    },
    {
      "name": "CVE-2011-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1004"
    },
    {
      "name": "CVE-2012-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0656"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1182"
    },
    {
      "name": "CVE-2012-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0870"
    },
    {
      "name": "CVE-2012-0654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0654"
    }
  ],
  "initial_release_date": "2012-05-10T00:00:00",
  "last_revision_date": "2012-05-10T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-272",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Trente-six vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eOS\nX Lion\u003c/span\u003e. Il est possible d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance,\nd\u0027ex\u00e9cuter du code en local, d\u0027obtenir des donn\u00e9es sensibles et d\u0027\u00e9lever\nses privil\u00e8ges. De nombreuses applications et fonctions sont touch\u00e9es,\ntoutes sont d\u00e9crites dans le bulletin \u003cspan class=\"textit\"\u003eApple\u003c/span\u003e\nr\u00e9f\u00e9renc\u00e9 dans la section \u00ab Documentation \u00bb.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OS X Lion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5281 du 09 mai 2012",
      "url": "https://support.apple.com/kb/HT5281"
    }
  ]
}

CERTA-2012-AVI-358

Vulnerability from certfr_avis - Published: 2012-06-29 - Updated: 2012-06-29

Vingt-huit vulnérabilités ont été corrigées dans HP System Management Homepage. Ces vulnérabilités touchent les versions Linux et Windows du produit et peuvent mener à une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à HP System Management Homepage 7.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03360041 du 26 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP System Management Homepage  7.1.1.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4415"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2011-4078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4078"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2015"
    },
    {
      "name": "CVE-2012-2012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2012"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-2013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2013"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2011-2821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-2016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2016"
    },
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4153"
    },
    {
      "name": "CVE-2011-3379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3379"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2012-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
    },
    {
      "name": "CVE-2012-0027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0027"
    },
    {
      "name": "CVE-2012-2014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2014"
    }
  ],
  "initial_release_date": "2012-06-29T00:00:00",
  "last_revision_date": "2012-06-29T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-358",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Vingt-huit vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nSystem Management Homepage\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s touchent les\nversions \u003cspan class=\"textit\"\u003eLinux\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eWindows\u003c/span\u003e du produit et peuvent mener \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03360041 du 26 juin 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    }
  ]
}

GHSA-XXW5-P895-CP2C

Vulnerability from github – Published: 2022-05-04 00:27 – Updated: 2022-05-04 00:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-13T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.",
  "id": "GHSA-xxw5-p895-cp2c",
  "modified": "2022-05-04T00:27:45Z",
  "published": "2022-05-04T00:27:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/curl-url-sanitize.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20120124.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51665"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2012-0036

Vulnerability from fkie_nvd - Published: 2012-04-13 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://curl.haxx.se/curl-url-sanitize.patch	Patch
secalert@redhat.com	http://curl.haxx.se/docs/adv_20120124.html	Vendor Advisory
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
secalert@redhat.com	http://secunia.com/advisories/48256
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201203-02.xml
secalert@redhat.com	http://support.apple.com/kb/HT5281
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2398
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com	http://www.securityfocus.com/bid/51665
secalert@redhat.com	http://www.securitytracker.com/id/1032924
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=773457
secalert@redhat.com	https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
secalert@redhat.com	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/curl-url-sanitize.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20120124.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48256
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201203-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5281
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2398
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51665
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032924
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=773457
af854a3a-2127-422b-91ae-364da2661108	https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us

Impacted products

Vendor	Product	Version
curl	curl	7.20.0
curl	curl	7.20.1
curl	curl	7.21.0
curl	curl	7.21.1
curl	curl	7.21.2
curl	curl	7.21.3
curl	curl	7.21.4
curl	curl	7.21.5
curl	curl	7.21.6
curl	curl	7.21.7
curl	curl	7.22.0
curl	curl	7.23.0
curl	curl	7.23.1
curl	libcurl	7.20.0
curl	libcurl	7.20.1
curl	libcurl	7.21.0
curl	libcurl	7.21.1
curl	libcurl	7.21.2
curl	libcurl	7.21.3
curl	libcurl	7.21.4
curl	libcurl	7.21.5
curl	libcurl	7.21.6
curl	libcurl	7.21.7
curl	libcurl	7.22.0
curl	libcurl	7.23.0
curl	libcurl	7.23.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BDFC51-3AB0-4C43-8979-ECA18E8035C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9C63-FD5E-4315-B9AF-9D8B1E988F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05A4F5A-C65D-4662-8373-4FEA07558CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85ADB9E1-0356-4E55-B7FD-6425EAF2C643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBA4E51-1C4B-4C2A-B13E-11D4FD9C1C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A333EB08-4E37-41EF-A204-C82CECE9A51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29638D1-2620-46A2-BE15-4706B7C4E678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6D4422-C5C8-440F-B476-84DE445966DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4506D93-8DBC-4E33-9432-C4A8CA3BDE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DADC1B7-2945-4CEC-A1D9-0CCA785F165D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CFA6F8-A6B1-415A-8DFB-EA4AFA67160E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C18D23-0401-41C2-BAD7-8B2965691EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93EF4F2-101C-4FAD-A8F6-7A19EE2D6C8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34341428-2676-4431-A23F-65FBE90BAD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B31BF7-F04D-4985-A0F2-5206D678D3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2630C2-3E7C-4836-A548-819679967099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FDE251-B1E1-4989-9ECB-07D4A760384E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52D4877-8ED5-4057-A55D-5C5F82175737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A81783-51FB-43F4-9D83-5E6134BADB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31022B8A-B4D6-4F6B-9643-1266A65A3807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ACEDA5F-8B32-4898-A1B9-7FCC8110F54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F20A9A-78F4-463B-A2C5-58721CE46210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4A1953-91D9-4B20-9A13-4974DA86683B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFBF499-9028-4A50-B6FC-2B2D3AD7E9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5BCA31-3875-4585-8E42-8FAE354049A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AA5ADA7-629B-4028-A023-DF119527A522",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
    },
    {
      "lang": "es",
      "value": "curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injecci\u00f3n de datos mediente una URL manipulada, como se demostr\u00f3 mediante un atque de injecci\u00f3n CRLF  sobre los protocolos (1) IMAP, (2) POP3, y (3) SMTP."
    }
  ],
  "id": "CVE-2012-0036",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-13T20:55:01.493",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/curl-url-sanitize.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20120124.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51665"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1032924"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/curl-url-sanitize.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20120124.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-0036

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0036

Aliases

CVE-2012-0036

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0036",
    "description": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.",
    "id": "GSD-2012-0036",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-0036.html",
      "https://www.debian.org/security/2012/dsa-2398"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0036"
      ],
      "details": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.",
      "id": "GSD-2012-0036",
      "modified": "2023-12-13T01:20:13.912080Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-0036",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5281",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
            "refsource": "MISC",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "http://curl.haxx.se/curl-url-sanitize.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/curl-url-sanitize.patch"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20120124.html",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/docs/adv_20120124.html"
          },
          {
            "name": "http://secunia.com/advisories/48256",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-201203-02.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2398",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2398"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/51665",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/51665"
          },
          {
            "name": "http://www.securitytracker.com/id/1032924",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1032924"
          },
          {
            "name": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238",
            "refsource": "MISC",
            "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
          },
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us",
            "refsource": "MISC",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=773457",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0036"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=773457",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
            },
            {
              "name": "http://curl.haxx.se/curl-url-sanitize.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/curl-url-sanitize.patch"
            },
            {
              "name": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20120124.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/adv_20120124.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5281",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5281"
            },
            {
              "name": "APPLE-SA-2012-05-09-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
            },
            {
              "name": "HPSBMU02786",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "51665",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51665"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
            },
            {
              "name": "1032924",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032924"
            },
            {
              "name": "MDVSA-2012:058",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
            },
            {
              "name": "GLSA-201203-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
            },
            {
              "name": "48256",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48256"
            },
            {
              "name": "DSA-2398",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2398"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-01-10T02:29Z",
      "publishedDate": "2012-04-13T20:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0036 (GCVE-0-2012-0036)

CERTA-2012-AVI-190

Solution

CERTA-2012-AVI-272

Solution

CERTA-2012-AVI-358

Solution

GHSA-XXW5-P895-CP2C

FKIE_CVE-2012-0036

GSD-2012-0036

Tags

Sightings

Nomenclature