CVE-2012-0036
EPSS 10.3%
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
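The check below screens a URL before it is handed to libcurl: for the three protocols named above it percent-decodes everything after the scheme and rejects any control byte, including CR and LF. It is an added example, not curl's own code. `url_is_safe` and the sample URLs are hypothetical, and covering the TLS variants of the schemes and rejecting malformed escapes are assumptions made here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int has_prefix_ci(const char *s, const char *pre) {  /* `pre` is lowercase */
    for (; *pre; s++, pre++)
        if (tolower((unsigned char)*s) != *pre) return 0;
    return 1;
}

/* Length of the scheme prefix if it is one of the affected protocols, else 0. */
static size_t mail_scheme_len(const char *url) {
    static const char *const schemes[] = { "imap://", "imaps://", "pop3://",
                                           "pop3s://", "smtp://", "smtps://" };
    for (size_t i = 0; i < sizeof schemes / sizeof *schemes; i++)
        if (has_prefix_ci(url, schemes[i])) return strlen(schemes[i]);
    return 0;
}
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* 1 = acceptable, 0 = reject. Hypothetical helper, not a libcurl function. */
int url_is_safe(const char *url) {
    size_t skip = mail_scheme_len(url);
    if (skip == 0) return 1;              /* other schemes are out of scope here */
    for (const char *p = url + skip; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '%') {                   /* decode one %XX escape */
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return 0;         /* malformed escape: reject (conservative) */
            c = (unsigned char)(hi * 16 + lo);
            p += 2;
        }
        if (c < 0x20 || c == 0x7f) return 0;  /* CR, LF and other control bytes */
    }
    return 1;
}

int main(void) {   /* constructed sample URLs */
    const char *s[] = { "pop3://mail.example.test/1", "pop3://mail.example.test/1%0d%0aX",
                        "IMAP://mail.example.test/INBOX%0A", "https://example.test/a%0d%0ab" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%-36s %s\n", s[i], url_is_safe(s[i]) ? "ok" : "REJECT");
    return 0;
}
```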
How to fix CVE-2012-0036
To remediate CVE-2012-0036, upgrade the affected package to a fixed version below.
- Debian/curl: upgrade to 7.24.0-1 or later
Is CVE-2012-0036 being exploited?
Moderate — EPSS is 10.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 7.24.0-1