medium
4
Advisory Published
Updated

REDHAT-BUG-773457

First published: Wed Jan 11 2012(Updated: )

A flaw was found in the way that curl sanitized URLs. The upstream advisory [1] reports: libcurl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. When parsing URLs, libcurl's parser is very laxed and liberal and only parses as little as possible and lets as much as possible through as long as it can figure out what to do. In the specific process when libcurl extracts the file path part from a given URL, it didn't always verify the data or escape control characters properly before it passed the file path on to the protocol-specific code that then would use it for its protocol business. This passing through of control characters could be exploited by someone who would be able to pass in a handicrafted URL to libcurl. Lots of libcurl using applications let users enter URLs in one form or another and not all of these check the input carefully to prevent malicious ones. A malicious user might pass in %0d%0a to get treated as CR LF by libcurl, and by using this fact a user can trick for example a POP3 client to delete a message instead of getting it or trick an SMTP server to send an unintended message. This vulnerability can be used to fool libcurl with the following protocols: IMAP, POP3 and SMTP. There is no known exploit for this problem. This flaw only affects curl versions 7.20.0 up to and including 7.23.1 It is corrected in 7.24.0 by scanning for a range of "bad codes" in the path part of URLs so that they are rejected before any protocol code even can consider using them. This flaw has been assigned the name <a href="https://access.redhat.com/security/cve/CVE-2012-0036">CVE-2012-0036</a>. [1] <a href="http://curl.haxx.se/docs/security.html">http://curl.haxx.se/docs/security.html</a> Statement: Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 4, 5 or 6.

Affected SoftwareAffected VersionHow to fix
Curl>=7.20.0<=7.23.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of REDHAT-BUG-773457?

    The severity of REDHAT-BUG-773457 is considered high due to the potential for data injection attacks.

  • How do I fix REDHAT-BUG-773457?

    To fix REDHAT-BUG-773457, upgrade curl to a version newer than 7.23.1.

  • What protocols are affected by REDHAT-BUG-773457?

    REDHAT-BUG-773457 affects certain protocols that are processed by libcurl when parsing URLs.

  • Is my version of curl vulnerable to REDHAT-BUG-773457?

    If you are using a version of curl between 7.20.0 and 7.23.1, your version is vulnerable to REDHAT-BUG-773457.

  • What type of attack does REDHAT-BUG-773457 enable?

    REDHAT-BUG-773457 enables a data injection attack that can use control characters embedded in or percent-encoded in URLs.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203