CVE-2014-8150
curl - security update
EPSS 1.2%
Description
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
How to fix CVE-2014-8150
To remediate CVE-2014-8150, upgrade the affected package to one of the fixed versions listed below.
- Debian/curl: upgrade to 7.38.0-4 or later
- Debian/curl: upgrade to 7.21.0-2.1+squeeze11 or later
- Debian/curl: upgrade to 7.26.0-1+wheezy12 or later
Is CVE-2014-8150 being exploited?
Low. EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.38.0-4
- from 0, < 7.21.0-2.1+squeeze11
- from 0, < 7.26.0-1+wheezy12