FortiClient VulnerabilitySecurity Vulnerability CVE-2012-0036 for cURL
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Affected Applications
cURL
CVE References
CVE-2012-0036Other References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0036| ID | 2628 |
| Created | May 07, 2021 |
| Description Updated |
Sep 14, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Confused by Code |
| Patch | manual |
| Application | cURL |