Descriptioncurl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Novell/SUSE informationNovell Bugzilla entry: 740452 SUSE Security Advisories:
- openSUSE-SU-2012:0229-1, published Thu, 9 Feb 2012 19:10:39 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.4|| |