Vulnerability Details : CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2012-0036
Probability of exploitation activity in the next 30 days: 0.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0036
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-0036
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0036
-
https://bugzilla.redhat.com/show_bug.cgi?id=773457
773457 – (CVE-2012-0036) CVE-2012-0036 curl: URL sanitization vulnerability
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
-
http://secunia.com/advisories/48256
Sign in
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
mandriva.com
-
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
HPESBHF03760 rev.1 - HPE Network Products including Comware 7 running NTP, Remote Unauthorized Data Injection
-
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Apple - Lists.apple.com
-
http://support.apple.com/kb/HT5281
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support
-
http://www.debian.org/security/2012/dsa-2398
Debian -- Security Information -- DSA-2398-2 curl
-
https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
URL sanitize: reject URLs containing bad data · curl/curl@75ca568 · GitHub
-
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Oracle Critical Patch Update - July 2015
-
http://www.securitytracker.com/id/1032924
Oracle Hyperion Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service - SecurityTracker
-
http://security.gentoo.org/glsa/glsa-201203-02.xml
cURL: Multiple vulnerabilities (GLSA 201203-02) — Gentoo security
-
http://www.securityfocus.com/bid/51665
cURL/libcURL Remote Input Validation Vulnerability
-
http://curl.haxx.se/docs/adv_20120124.html
curl - URL sanitization vulnerability - CVE-2012-0036Vendor Advisory
-
http://curl.haxx.se/curl-url-sanitize.patch
Patch
Products affected by CVE-2012-0036
- cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*