Vulnerabilities related to curl - libcurl
Vulnerability from fkie_nvd
Published: 2010-03-19 19:30
Modified: 2025-04-11 00:51
Summary
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
References
secalert@redhat.com http://curl.haxx.se/docs/adv_20100209.html Vendor Advisory
secalert@redhat.com http://curl.haxx.se/docs/security.html#20100209 Vendor Advisory
secalert@redhat.com http://curl.haxx.se/libcurl-contentencoding.patch Patch
secalert@redhat.com http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
secalert@redhat.com http://secunia.com/advisories/38843
secalert@redhat.com http://secunia.com/advisories/38981
secalert@redhat.com http://secunia.com/advisories/39087
secalert@redhat.com http://secunia.com/advisories/39734
secalert@redhat.com http://secunia.com/advisories/40220
secalert@redhat.com http://secunia.com/advisories/45047
secalert@redhat.com http://secunia.com/advisories/48256
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201203-02.xml
secalert@redhat.com http://support.apple.com/kb/HT4188
secalert@redhat.com http://support.avaya.com/css/P8/documents/100081819
secalert@redhat.com http://wiki.rpath.com/Advisories:rPSA-2010-0072
secalert@redhat.com http://www.debian.org/security/2010/dsa-2023
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
secalert@redhat.com http://www.openwall.com/lists/oss-security/2010/02/09/5 Patch
secalert@redhat.com http://www.openwall.com/lists/oss-security/2010/03/09/1 Patch
secalert@redhat.com http://www.openwall.com/lists/oss-security/2010/03/16/11 Patch
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2010-0329.html
secalert@redhat.com http://www.securityfocus.com/archive/1/514490/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.com http://www.ubuntu.com/usn/USN-1158-1
secalert@redhat.com http://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0571
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0602
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0660
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0725
secalert@redhat.com http://www.vupen.com/english/advisories/2010/1481
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=563220
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/docs/adv_20100209.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/docs/security.html#20100209 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/libcurl-contentencoding.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/38843
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/38981
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39087
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39734
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/40220
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/45047
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48256
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201203-02.xml
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT4188
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/css/P8/documents/100081819
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/Advisories:rPSA-2010-0072
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2010/dsa-2023
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2010/02/09/5 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2010/03/09/1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2010/03/16/11 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2010-0329.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/514490/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1158-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0571
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0602
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0660
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0725
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1481
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=563220
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
Impacted products
Vendor Product Version
curl libcurl 7.10.5
curl libcurl 7.10.6
curl libcurl 7.10.7
curl libcurl 7.10.8
curl libcurl 7.11.0
curl libcurl 7.11.1
curl libcurl 7.11.2
curl libcurl 7.12
curl libcurl 7.12.0
curl libcurl 7.12.1
curl libcurl 7.12.2
curl libcurl 7.12.3
curl libcurl 7.13
curl libcurl 7.13.1
curl libcurl 7.13.2
curl libcurl 7.14
curl libcurl 7.14.1
curl libcurl 7.15
curl libcurl 7.15.1
curl libcurl 7.15.2
curl libcurl 7.15.3
curl libcurl 7.16.3
curl libcurl 7.17.0
curl libcurl 7.17.1
curl libcurl 7.18.0
curl libcurl 7.18.1
curl libcurl 7.18.2
curl libcurl 7.19.0
curl libcurl 7.19.1
curl libcurl 7.19.2
curl libcurl 7.19.3
curl libcurl 7.19.4
curl libcurl 7.19.5
curl libcurl 7.19.6
curl libcurl 7.19.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D703855E-6610-445D-B498-61CE1C763A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7B64A2-6779-4A01-9864-902E2C04B08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07B1635-6F28-4ED4-A2AC-CD7E9549C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA4392F-2582-4EFE-9450-3F12588BE981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E91EAD-3813-498B-9B5C-05F1DCF75D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDDBC13-1646-490B-B778-DBD3BB3208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B87F05D-C077-4929-8BBA-A7287A816470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA22553-089B-44D2-B545-82F7AED74E25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "295EE8FF-18BD-4F67-9045-83A5693AB783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "249C50ED-B681-4DFB-83CD-625D703CD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F060A3-FC8E-45CD-85AB-247D13A2896C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14BB81D-841D-456C-9CAE-CC679FFAB5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBA081D-AB88-4895-8495-6B51EB6B5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F6B4C1-B88F-4675-BAB7-66A4DFAC17AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44CE5AD-27B6-45EB-A0B8-CF9BDB31F0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63984E6B-54EF-4DD6-8A5B-DD16A9A6A4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C5A868-2EC9-4FC6-A074-E587A203A350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54613E59-4583-405C-9BA3-609D47B9FFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07436E22-446B-4041-B201-843FC2A9B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "59223E78-F55B-46BE-AD1B-176B441BC412",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
    },
    {
      "lang": "es",
      "value": "content_encoding.c en libcurl v7.10.5 hasta v7.19.7, cuando zlib est\u00e1 habilitado, no restringe adecuadamente la cantidad de datos de llamadas devueltas, enviadas a una aplicaci\u00f3n que descomprime automaticamente las peticiones, lo que podr\u00eda permitir a un atacante remoto provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o tener o tro impacto sin especificar mediante el env\u00edo de datos comprimidos manipulados a una aplicaci\u00f3n que se basa en el l\u00edmite destinado data-length."
    }
  ],
  "id": "CVE-2010-0734",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-19T19:30:00.577",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20100209.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/security.html#20100209"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38981"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39734"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/css/P8/documents/100081819"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0571"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0660"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0725"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20100209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/security.html#20100209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100081819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published: 2009-03-05 02:30
Modified: 2025-04-09 00:30
Summary
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
References
secalert@redhat.com http://curl.haxx.se/docs/adv_20090303.html Patch, Vendor Advisory
secalert@redhat.com http://curl.haxx.se/lxr/source/CHANGES Patch, Vendor Advisory
secalert@redhat.com http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
secalert@redhat.com http://lists.vmware.com/pipermail/security-announce/2009/000060.html
secalert@redhat.com http://secunia.com/advisories/34138 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/34202
secalert@redhat.com http://secunia.com/advisories/34237
secalert@redhat.com http://secunia.com/advisories/34251
secalert@redhat.com http://secunia.com/advisories/34255
secalert@redhat.com http://secunia.com/advisories/34259
secalert@redhat.com http://secunia.com/advisories/34399
secalert@redhat.com http://secunia.com/advisories/35766
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200903-21.xml
secalert@redhat.com http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
secalert@redhat.com http://support.apple.com/kb/HT4077
secalert@redhat.com http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
secalert@redhat.com http://www.debian.org/security/2009/dsa-1738
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2009-0341.html
secalert@redhat.com http://www.securityfocus.com/archive/1/501757/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/504849/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/33962 Exploit, Patch
secalert@redhat.com http://www.securitytracker.com/id?1021783
secalert@redhat.com http://www.ubuntu.com/usn/USN-726-1
secalert@redhat.com http://www.vmware.com/security/advisories/VMSA-2009-0009.html
secalert@redhat.com http://www.vupen.com/english/advisories/2009/0581 Patch, Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2009/1865
secalert@redhat.com http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
secalert@redhat.com http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/docs/adv_20090303.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/lxr/source/CHANGES Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.vmware.com/pipermail/security-announce/2009/000060.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34138 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34202
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34237
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34251
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34255
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34259
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34399
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35766
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200903-21.xml
af854a3a-2127-422b-91ae-364da2661108 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1738
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2009-0341.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/501757/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/504849/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/33962 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1021783
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-726-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2009-0009.html
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/0581 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/1865
af854a3a-2127-422b-91ae-364da2661108 http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
af854a3a-2127-422b-91ae-364da2661108 http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
Impacted products
Vendor Product Version
curl curl 5.11
curl curl 6.0
curl curl 6.1beta
curl curl 6.2
curl curl 6.3
curl curl 6.3.1
curl curl 6.4
curl curl 6.5
curl curl 6.5.1
curl curl 6.5.2
curl curl 7.1
curl curl 7.1.1
curl curl 7.2
curl curl 7.2.1
curl curl 7.3
curl curl 7.4
curl curl 7.4.1
curl curl 7.4.2
curl curl 7.5
curl curl 7.5.1
curl curl 7.5.2
curl curl 7.6
curl curl 7.6.1
curl curl 7.7
curl curl 7.7.1
curl curl 7.7.2
curl curl 7.7.3
curl curl 7.8
curl curl 7.8.1
curl curl 7.8.2
curl curl 7.9
curl curl 7.9.1
curl curl 7.9.2
curl curl 7.9.3
curl curl 7.9.4
curl curl 7.9.5
curl curl 7.9.6
curl curl 7.9.7
curl curl 7.9.8
curl curl 7.10
curl curl 7.10.1
curl curl 7.10.2
curl curl 7.10.3
curl curl 7.10.4
curl curl 7.10.5
curl curl 7.10.6
curl curl 7.10.7
curl curl 7.10.8
curl curl 7.11.1
curl curl 7.12
curl curl 7.12.1
curl curl 7.12.2
curl curl 7.13
curl curl 7.13.2
curl curl 7.14
curl curl 7.14.1
curl curl 7.15
curl curl 7.15.1
curl curl 7.15.3
curl curl 7.16.3
curl curl 7.16.4
curl curl 7.17
curl curl 7.18
curl curl 7.19.3
curl libcurl 5.11
curl libcurl 7.12
curl libcurl 7.12.1
curl libcurl 7.12.2
curl libcurl 7.12.3
curl libcurl 7.13
curl libcurl 7.13.1
curl libcurl 7.13.2
curl libcurl 7.14
curl libcurl 7.14.1
curl libcurl 7.15
curl libcurl 7.15.1
curl libcurl 7.15.2
curl libcurl 7.15.3
curl libcurl 7.16.3
curl libcurl 7.19.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:curl:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "547AF432-EC84-4D3F-9A1A-9DDDE90FAA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A8128-1159-4E38-A35B-DB011915145B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.1beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D0B74A-8656-486A-97D8-0FFA2B6E7577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF7F97-FA48-43BF-BF90-180B9E9099AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48753D9B-72A1-4F7C-A71E-AA502F5FA6AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F9940-212B-4AA8-B42F-6A8DDBA27652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F9238EF-73A5-486E-94BD-3A411DFBE419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF49459-9F8D-4BF5-9F24-DCB256A72FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA5A191C-D5AE-4A22-8D1A-38FBF5C24705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7637717-CF5F-4AA4-9433-5C80C711D824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC0FFDE-B7C6-47AD-8BED-181E10268643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAA0E96-283D-4590-BE3C-76D0A222EB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74325BB1-54AE-40BC-81C0-AD07CE6BBDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A980CED-EB95-4997-BE4C-56EF96A14471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D83D9F-242B-4689-91EF-64A56C769C36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FA67F8-137F-4778-A6B6-A6EF59C2271B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F84D43-1CE6-452D-A819-44C7CCBCB8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EE97A0-420F-4FB7-89CF-2E8064D7E0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE2E637-D0CA-4B2E-8386-EF2892E5E074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A6DC7AC-CF08-4E45-AA75-2BABF59D960B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB3A5AE-F854-483C-A6DA-02F811F2F6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20FA870-2B29-4CFE-ABD1-62DB4E165B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8019F384-E7EA-4E4D-8E09-4A1FDDB3849B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "37105953-D573-4191-BB96-758F6AFD882C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35898A38-91F6-4C77-ACFD-70E1380AEF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3545C6-934D-4C55-B285-DB44783E0907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5AC6F4-443D-4EB6-83E7-4F193BCC1D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC29408-D7CE-496B-AB2C-783EE40BCC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC171D9-5418-4C66-BBDA-ABFD978CF113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD68B6D-72AB-4A61-9528-8631B147A3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "97233341-471B-4B59-95ED-F376460370AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0080682-F304-45BE-A13B-C75C48245E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D90019-9713-46CB-90F5-CF6F016AE1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6D2C32-ADA4-4859-A30F-7B910D96F02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDA26B4-A6F6-41B4-A592-C9AF101C5A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87392CA8-DA66-4E55-9EDA-A85DC6AA253A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFBF583-CE6A-4670-B196-3EEA7B4389BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DFDCF3-FBC3-4231-9915-2D4A7853C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2669757-AA52-4C71-96E4-8A32883574D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8777B0FB-8BFB-4D98-A4C2-E60807CF0C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C0BD35-0B32-46B8-A442-2FEA4762523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9FFE5B-34E9-47FF-975C-ADC315E7C1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E262EDF2-E490-48F1-B277-844C14CD7361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B1C3BA-BAC3-4424-9523-BCDC373E8EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B0B2AA-4FD6-4376-A239-00E9431C9F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A11159-1757-404E-AA07-DD865DCDEF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E300177-087D-4103-9092-FF6A4052EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5D1EA8-D015-49F2-B134-C665969F0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC24D6B-E3E4-4C07-9C4E-3748FDE300EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE6AD55-E3D2-46FD-8EFF-595EEF3B6F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4848C3C8-432D-43E7-B0D9-8FD69D4C3B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A7BE71-D4FB-42FF-8ED4-BA5A81BE8720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D020D95D-CD04-48A5-9488-1C6E7F69ED8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2458D0E-66F7-484C-9989-308530AE766D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B2D97A-083B-4DEB-A02E-124F36838130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF7D32E-D07A-478E-96E7-0302B6118B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D46E759-3E26-41AC-BF71-A0450CBF54FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA2263-4478-477A-86C4-6CCCC36F3EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0401FA1-CF19-4BBA-B61B-263CFBA92B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A28049D-C8AF-42D0-A294-851854A66516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F19EC641-0BC7-486B-A7B7-2C0264BC2DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C045C9-332E-4277-9167-F25D7F62F702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "262827E1-A139-46E2-B44D-46CC40E8E33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B81B43-895A-4FD4-A274-CA762C73DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "339F2D11-27F1-42A8-A780-8D0DAFB168C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de redirecci\u00f3n en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localizaci\u00f3n a elecci\u00f3n del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a trav\u00e9s de una redirecci\u00f3n a un fichero: URL, o (3) ejecutar comando arbitrariamente a trav\u00e9s de una redirecci\u00f3n a un scp: URL."
    }
  ],
  "id": "CVE-2009-0037",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-05T02:30:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/lxr/source/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34202"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34237"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34251"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34255"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34399"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35766"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1738"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33962"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021783"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-726-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/lxr/source/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-726-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-04-13 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
References
secalert@redhat.com http://curl.haxx.se/curl-url-sanitize.patch Patch
secalert@redhat.com http://curl.haxx.se/docs/adv_20120124.html Vendor Advisory
secalert@redhat.com http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
secalert@redhat.com http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
secalert@redhat.com http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
secalert@redhat.com http://secunia.com/advisories/48256
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201203-02.xml
secalert@redhat.com http://support.apple.com/kb/HT5281
secalert@redhat.com http://www.debian.org/security/2012/dsa-2398
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com http://www.securityfocus.com/bid/51665
secalert@redhat.com http://www.securitytracker.com/id/1032924
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=773457
secalert@redhat.com https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
secalert@redhat.com https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/curl-url-sanitize.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/docs/adv_20120124.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48256
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201203-02.xml
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT5281
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2012/dsa-2398
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/51665
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1032924
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=773457
af854a3a-2127-422b-91ae-364da2661108 https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
af854a3a-2127-422b-91ae-364da2661108 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
Impacted products
Vendor Product Version
curl curl 7.20.0
curl curl 7.20.1
curl curl 7.21.0
curl curl 7.21.1
curl curl 7.21.2
curl curl 7.21.3
curl curl 7.21.4
curl curl 7.21.5
curl curl 7.21.6
curl curl 7.21.7
curl curl 7.22.0
curl curl 7.23.0
curl curl 7.23.1
curl libcurl 7.20.0
curl libcurl 7.20.1
curl libcurl 7.21.0
curl libcurl 7.21.1
curl libcurl 7.21.2
curl libcurl 7.21.3
curl libcurl 7.21.4
curl libcurl 7.21.5
curl libcurl 7.21.6
curl libcurl 7.21.7
curl libcurl 7.22.0
curl libcurl 7.23.0
curl libcurl 7.23.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BDFC51-3AB0-4C43-8979-ECA18E8035C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9C63-FD5E-4315-B9AF-9D8B1E988F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05A4F5A-C65D-4662-8373-4FEA07558CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85ADB9E1-0356-4E55-B7FD-6425EAF2C643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBA4E51-1C4B-4C2A-B13E-11D4FD9C1C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A333EB08-4E37-41EF-A204-C82CECE9A51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29638D1-2620-46A2-BE15-4706B7C4E678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6D4422-C5C8-440F-B476-84DE445966DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4506D93-8DBC-4E33-9432-C4A8CA3BDE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DADC1B7-2945-4CEC-A1D9-0CCA785F165D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CFA6F8-A6B1-415A-8DFB-EA4AFA67160E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C18D23-0401-41C2-BAD7-8B2965691EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93EF4F2-101C-4FAD-A8F6-7A19EE2D6C8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34341428-2676-4431-A23F-65FBE90BAD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B31BF7-F04D-4985-A0F2-5206D678D3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2630C2-3E7C-4836-A548-819679967099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FDE251-B1E1-4989-9ECB-07D4A760384E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52D4877-8ED5-4057-A55D-5C5F82175737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A81783-51FB-43F4-9D83-5E6134BADB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31022B8A-B4D6-4F6B-9643-1266A65A3807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ACEDA5F-8B32-4898-A1B9-7FCC8110F54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F20A9A-78F4-463B-A2C5-58721CE46210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4A1953-91D9-4B20-9A13-4974DA86683B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFBF499-9028-4A50-B6FC-2B2D3AD7E9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5BCA31-3875-4585-8E42-8FAE354049A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AA5ADA7-629B-4028-A023-DF119527A522",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
    },
    {
      "lang": "es",
      "value": "curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injecci\u00f3n de datos mediente una URL manipulada, como se demostr\u00f3 mediante un atque de injecci\u00f3n CRLF  sobre los protocolos (1) IMAP, (2) POP3, y (3) SMTP."
    }
  ],
  "id": "CVE-2012-0036",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-13T20:55:01.493",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/curl-url-sanitize.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20120124.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51665"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1032924"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/curl-url-sanitize.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20120124.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-08-14 15:16
Modified
2025-04-09 00:30
Severity ?
Summary
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch Patch, Vendor Advisory
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch Patch
secalert@redhat.com http://curl.haxx.se/docs/adv_20090812.txt Vendor Advisory
secalert@redhat.com http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.com http://secunia.com/advisories/36238 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/36475
secalert@redhat.com http://secunia.com/advisories/37471
secalert@redhat.com http://secunia.com/advisories/45047
secalert@redhat.com http://shibboleth.internet2.edu/secadv/secadv_20090817.txt
secalert@redhat.com http://support.apple.com/kb/HT4077
secalert@redhat.com http://wiki.rpath.com/Advisories:rPSA-2009-0124
secalert@redhat.com http://www.securityfocus.com/archive/1/506055/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/36032
secalert@redhat.com http://www.ubuntu.com/usn/USN-1158-1
secalert@redhat.com http://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.com http://www.vupen.com/english/advisories/2009/2263 Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2009/3316
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/52405
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://curl.haxx.se/docs/adv_20090812.txt Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36238 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36475
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37471
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/45047
af854a3a-2127-422b-91ae-364da2661108 http://shibboleth.internet2.edu/secadv/secadv_20090817.txt
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/Advisories:rPSA-2009-0124
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/506055/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/36032
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1158-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2263 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/52405
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
Impacted products
Vendor Product Version
curl libcurl 7.4
curl libcurl 7.4.1
curl libcurl 7.4.2
curl libcurl 7.5
curl libcurl 7.5.1
curl libcurl 7.5.2
curl libcurl 7.6
curl libcurl 7.6.1
curl libcurl 7.7
curl libcurl 7.7.1
curl libcurl 7.7.2
curl libcurl 7.7.3
curl libcurl 7.8
curl libcurl 7.8.1
curl libcurl 7.9
curl libcurl 7.9.1
curl libcurl 7.9.2
curl libcurl 7.9.3
curl libcurl 7.9.5
curl libcurl 7.9.6
curl libcurl 7.9.7
curl libcurl 7.9.8
curl libcurl 7.10
curl libcurl 7.10.1
curl libcurl 7.10.2
curl libcurl 7.10.3
curl libcurl 7.10.4
curl libcurl 7.10.5
curl libcurl 7.10.6
curl libcurl 7.10.7
curl libcurl 7.10.8
curl libcurl 7.11.0
curl libcurl 7.11.1
curl libcurl 7.11.2
curl libcurl 7.12
curl libcurl 7.12.0
curl libcurl 7.12.1
curl libcurl 7.12.2
curl libcurl 7.12.3
curl libcurl 7.13
curl libcurl 7.13.1
curl libcurl 7.13.2
curl libcurl 7.14
curl libcurl 7.14.1
curl libcurl 7.15
curl libcurl 7.15.1
curl libcurl 7.15.2
curl libcurl 7.15.3
curl libcurl 7.16.3
curl libcurl 7.17.0
curl libcurl 7.17.1
curl libcurl 7.18.0
curl libcurl 7.18.1
curl libcurl 7.18.2
curl libcurl 7.19.0
curl libcurl 7.19.1
curl libcurl 7.19.2
curl libcurl 7.19.3
curl libcurl 7.19.4
curl libcurl 7.19.5
libcurl libcurl 7.12
libcurl libcurl 7.12.1
libcurl libcurl 7.12.2
libcurl libcurl 7.12.3
libcurl libcurl 7.13
libcurl libcurl 7.13.1
libcurl libcurl 7.13.2
libcurl libcurl 7.14
libcurl libcurl 7.14.1
libcurl libcurl 7.15
libcurl libcurl 7.15.1
libcurl libcurl 7.15.2
libcurl libcurl 7.15.3
libcurl libcurl 7.16.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4F46D5-85E5-4483-AD3D-207E9121FE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3A6114-AA64-45E0-99D7-FAB060B8657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCF67A1-874A-41A3-85C9-2BDCD193CE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4321D25E-27DE-4649-A9B7-C6295F05ABB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25774954-E239-4337-9931-D4F6A69B42F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A000CAB-5986-4568-96C2-B7E213C77E1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C5745B-2FFF-4DF8-883B-417015BDDF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A50325-2247-46EF-A991-70378C4D008F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58D1562-5A17-4124-8010-6098A204C898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C461E700-752D-4A31-A3A4-2B758CE07704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8B6BE8-BC9A-443D-B6C8-4B5FF2390306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83681317-F32A-4C73-915A-D431E8DF944C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D9C492-5F87-4149-ACAE-948DBE35E40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70655CE0-63F0-402C-B335-FCFA494335C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6A6A05-E568-46F2-B2F5-73300E4EA5BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F102275D-8116-4F65-8910-478CB8DAAE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68C14C1-AFDF-4DE7-BD06-2A7FE079656D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD860AC-DE24-4CD5-B2C9-C77BD95AAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "403DDE56-5FA7-4920-A905-30349E61361B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F001A45E-CFD8-4B41-9281-F01A284ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BAB7A-3BE0-4FA1-9CAF-124F16882518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "21AE58E9-F201-41AA-A1DC-9EB09E50459A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C901C070-728C-41CD-8E4F-ECCB779906C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A1D7EA-6567-4A48-A431-EA28508D62C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D8F50B-495E-48B3-BF9F-8E4ACA556B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F4FFF6-6AB4-4857-BDFA-12801C972708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9987313-0256-4837-B347-6ABEF18DFCBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D703855E-6610-445D-B498-61CE1C763A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7B64A2-6779-4A01-9864-902E2C04B08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07B1635-6F28-4ED4-A2AC-CD7E9549C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA4392F-2582-4EFE-9450-3F12588BE981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E91EAD-3813-498B-9B5C-05F1DCF75D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDDBC13-1646-490B-B778-DBD3BB3208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B87F05D-C077-4929-8BBA-A7287A816470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA22553-089B-44D2-B545-82F7AED74E25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "295EE8FF-18BD-4F67-9045-83A5693AB783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "249C50ED-B681-4DFB-83CD-625D703CD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F060A3-FC8E-45CD-85AB-247D13A2896C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14BB81D-841D-456C-9CAE-CC679FFAB5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBA081D-AB88-4895-8495-6B51EB6B5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F6B4C1-B88F-4675-BAB7-66A4DFAC17AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44CE5AD-27B6-45EB-A0B8-CF9BDB31F0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63984E6B-54EF-4DD6-8A5B-DD16A9A6A4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C5A868-2EC9-4FC6-A074-E587A203A350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54613E59-4583-405C-9BA3-609D47B9FFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7DE39A-325D-42F5-B4ED-C971725232DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DEC10D0-622A-4037-9D4A-69814226CC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D0343C-175D-44BA-BCCF-5F204C749EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4C0FC-6848-4D18-98E8-4A2F4D7BECC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E66EA58-F408-4D8B-9614-67B936B0F1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BED785-BD7D-4A09-9B50-77548E64916D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A61633-B9B8-44B5-B352-29F4BFBD2BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF6D258-2A8C-40C3-9171-4C4A5B22B30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB80911-5BD5-401D-8C0A-8229A71D0804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE508863-DB77-41D3-A438-3F26C34703E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B79E431-AD91-4269-B427-DD1169D12659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "479069C9-D3E5-4909-8368-0B0F4704810B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADB9299-3EFA-45E6-95BD-7FE2E1B1D565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F93365-54FD-45D4-B878-13A53A6806A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
    },
    {
      "lang": "es",
      "value": "lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter \u0027\\0\u0027 en un nombre de dominio en el campo sujeto del Common Name (CN) de un certificado X.509, lo que permite a atacantes de hombre en el medio hacer un spoofing de servidores SSL a trav\u00e9s de la un certificado de una autoridad de Certificaci\u00f3n leg\u00edtima, manipulado, relativo a CVE_2009-2408."
    }
  ],
  "id": "CVE-2009-2417",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-14T15:16:27.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36238"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/36032"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-0037 (GCVE-0-2009-0037)
Vulnerability from cvelistv5
Published
2009-03-05 02:00
Modified
2024-08-07 04:17
Severity ?
CWE
  • n/a
Summary
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
References
http://www.ubuntu.com/usn/USN-726-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/34259 third-party-advisory, x_refsource_SECUNIA
http://curl.haxx.se/lxr/source/CHANGES x_refsource_CONFIRM
http://secunia.com/advisories/35766 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34255 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0341.html vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2009/dsa-1738 vendor-advisory, x_refsource_DEBIAN
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/ x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030 vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2009/1865 vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html vendor-advisory, x_refsource_APPLE
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/34138 third-party-advisory, x_refsource_SECUNIA
http://curl.haxx.se/docs/adv_20090303.html x_refsource_CONFIRM
http://secunia.com/advisories/34202 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/501757/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/0581 vdb-entry, x_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602 vendor-advisory, x_refsource_SLACKWARE
http://lists.vmware.com/pipermail/security-announce/2009/000060.html mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/33962 vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054 vdb-entry, signature, x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200903-21.xml vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074 vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1021783 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/34251 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34399 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/504849/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/34237 third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2009-0009.html x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-726-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-726-1"
          },
          {
            "name": "34259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/lxr/source/CHANGES"
          },
          {
            "name": "35766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35766"
          },
          {
            "name": "34255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34255"
          },
          {
            "name": "RHSA-2009:0341",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
          },
          {
            "name": "DSA-1738",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1738"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
          },
          {
            "name": "curl-location-security-bypass(49030)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
          },
          {
            "name": "ADV-2009-1865",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1865"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
          },
          {
            "name": "SUSE-SR:2009:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
          },
          {
            "name": "34138",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20090303.html"
          },
          {
            "name": "34202",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34202"
          },
          {
            "name": "20090312 rPSA-2009-0042-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
          },
          {
            "name": "ADV-2009-0581",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0581"
          },
          {
            "name": "SSA:2009-069-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
          },
          {
            "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
          },
          {
            "name": "33962",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
          },
          {
            "name": "oval:org.mitre.oval:def:11054",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
          },
          {
            "name": "GLSA-200903-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:6074",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
          },
          {
            "name": "1021783",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021783"
          },
          {
            "name": "34251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34251"
          },
          {
            "name": "34399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34399"
          },
          {
            "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
          },
          {
            "name": "34237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-726-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-726-1"
        },
        {
          "name": "34259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/lxr/source/CHANGES"
        },
        {
          "name": "35766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35766"
        },
        {
          "name": "34255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34255"
        },
        {
          "name": "RHSA-2009:0341",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
        },
        {
          "name": "DSA-1738",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1738"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
        },
        {
          "name": "curl-location-security-bypass(49030)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
        },
        {
          "name": "ADV-2009-1865",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1865"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
        },
        {
          "name": "SUSE-SR:2009:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
        },
        {
          "name": "34138",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20090303.html"
        },
        {
          "name": "34202",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34202"
        },
        {
          "name": "20090312 rPSA-2009-0042-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
        },
        {
          "name": "ADV-2009-0581",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0581"
        },
        {
          "name": "SSA:2009-069-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
        },
        {
          "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
        },
        {
          "name": "33962",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
        },
        {
          "name": "oval:org.mitre.oval:def:11054",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
        },
        {
          "name": "GLSA-200903-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:6074",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
        },
        {
          "name": "1021783",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021783"
        },
        {
          "name": "34251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34251"
        },
        {
          "name": "34399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34399"
        },
        {
          "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
        },
        {
          "name": "34237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0037",
    "datePublished": "2009-03-05T02:00:00",
    "dateReserved": "2008-12-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0734 (GCVE-0-2010-0734)
Vulnerability from cvelistv5
Published
2010-03-19 19:00
Modified
2024-08-07 00:59
Severity ?
CWE
  • n/a
Summary
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
References
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html vendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2010/0571 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0602 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/514490/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/38843 third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2010/03/09/1 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/38981 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1481 vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/USN-1158-1 vendor-advisory, x_refsource_UBUNTU
http://curl.haxx.se/docs/adv_20100209.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0725 vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2010/dsa-2023 vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2010-0329.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760 vdb-entry, signature, x_refsource_OVAL
http://support.apple.com/kb/HT4188 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=563220 x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2010:062 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/40220 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201203-02.xml vendor-advisory, x_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/48256 third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/css/P8/documents/100081819 x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/03/16/11 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/39087 third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2011-0003.html x_refsource_CONFIRM
http://secunia.com/advisories/45047 third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2010-0072 x_refsource_CONFIRM
http://curl.haxx.se/libcurl-contentencoding.patch x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100/0/threaded mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/39734 third-party-advisory, x_refsource_SECUNIA
http://curl.haxx.se/docs/security.html#20100209 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0660 vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2010/02/09/5 mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "ADV-2010-0571",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0571"
          },
          {
            "name": "ADV-2010-0602",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0602"
          },
          {
            "name": "20101027 rPSA-2010-0072-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
          },
          {
            "name": "38843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38843"
          },
          {
            "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
          },
          {
            "name": "38981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38981"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "USN-1158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20100209.html"
          },
          {
            "name": "ADV-2010-0725",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0725"
          },
          {
            "name": "DSA-2023",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2023"
          },
          {
            "name": "RHSA-2010:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10760",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
          },
          {
            "name": "MDVSA-2010:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "GLSA-201203-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "FEDORA-2010-2720",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
          },
          {
            "name": "FEDORA-2010-2762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
          },
          {
            "name": "48256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081819"
          },
          {
            "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
          },
          {
            "name": "39087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39087"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "45047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6756",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
          },
          {
            "name": "39734",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39734"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/security.html#20100209"
          },
          {
            "name": "ADV-2010-0660",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0660"
          },
          {
            "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "ADV-2010-0571",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0571"
        },
        {
          "name": "ADV-2010-0602",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0602"
        },
        {
          "name": "20101027 rPSA-2010-0072-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
        },
        {
          "name": "38843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38843"
        },
        {
          "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
        },
        {
          "name": "38981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38981"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "name": "USN-1158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1158-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20100209.html"
        },
        {
          "name": "ADV-2010-0725",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0725"
        },
        {
          "name": "DSA-2023",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2023"
        },
        {
          "name": "RHSA-2010:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10760",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
        },
        {
          "name": "MDVSA-2010:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "GLSA-201203-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
        },
        {
          "name": "FEDORA-2010-2720",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
        },
        {
          "name": "FEDORA-2010-2762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
        },
        {
          "name": "48256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081819"
        },
        {
          "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
        },
        {
          "name": "39087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39087"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "45047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:6756",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
        },
        {
          "name": "39734",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39734"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/security.html#20100209"
        },
        {
          "name": "ADV-2010-0660",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0660"
        },
        {
          "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0734",
    "datePublished": "2010-03-19T19:00:00",
    "dateReserved": "2010-02-26T00:00:00",
    "dateUpdated": "2024-08-07T00:59:39.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0036 (GCVE-0-2012-0036)
Vulnerability from cvelistv5
Published
2012-04-13 20:00
Modified
2024-08-06 18:09
Severity ?
CWE
  • n/a
Summary
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Impacted products
Vendor Product Version
n/a n/a Version: n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
          },
          {
            "name": "1032924",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032924"
          },
          {
            "name": "DSA-2398",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2398"
          },
          {
            "name": "GLSA-201203-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "51665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51665"
          },
          {
            "name": "48256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20120124.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/curl-url-sanitize.patch"
          },
          {
            "name": "MDVSA-2012:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03760en_us"
        },
        {
          "name": "1032924",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032924"
        },
        {
          "name": "DSA-2398",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2398"
        },
        {
          "name": "GLSA-201203-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
        },
        {
          "name": "51665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51665"
        },
        {
          "name": "48256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20120124.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/curl-url-sanitize.patch"
        },
        {
          "name": "MDVSA-2012:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0036",
    "datePublished": "2012-04-13T20:00:00",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2417 (GCVE-0-2009-2417)
Vulnerability from cvelistv5
Published
2009-08-14 15:00
Modified
2024-08-07 05:52
Severity ?
CWE
  • n/a
Summary
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch x_refsource_CONFIRM
http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch x_refsource_CONFIRM
http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch x_refsource_CONFIRM
http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/506055/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37471 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2263 vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/USN-1158-1 vendor-advisory, x_refsource_UBUNTU
http://www.vmware.com/security/advisories/VMSA-2009-0016.html x_refsource_CONFIRM
http://secunia.com/advisories/36238 third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html vendor-advisory, x_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/52405 vdb-entry, x_refsource_XF
http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2009-0124 x_refsource_CONFIRM
http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542 vdb-entry, signature, x_refsource_OVAL
http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
http://shibboleth.internet2.edu/secadv/secadv_20090817.txt x_refsource_CONFIRM
http://secunia.com/advisories/36475 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114 vdb-entry, signature, x_refsource_OVAL
http://curl.haxx.se/docs/adv_20090812.txt x_refsource_CONFIRM
http://secunia.com/advisories/45047 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/36032 vdb-entry, x_refsource_BID
http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3316 vdb-entry, x_refsource_VUPEN
http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
          },
          {
            "name": "20090824 rPSA-2009-0124-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "ADV-2009-2263",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2263"
          },
          {
            "name": "USN-1158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "36238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36238"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "curl-certificate-security-bypass(52405)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
          },
          {
            "name": "oval:org.mitre.oval:def:8542",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
          },
          {
            "name": "36475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36475"
          },
          {
            "name": "oval:org.mitre.oval:def:10114",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20090812.txt"
          },
          {
            "name": "45047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "name": "36032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
        },
        {
          "name": "20090824 rPSA-2009-0124-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "ADV-2009-2263",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2263"
        },
        {
          "name": "USN-1158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1158-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "36238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36238"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "curl-certificate-security-bypass(52405)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
        },
        {
          "name": "oval:org.mitre.oval:def:8542",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
        },
        {
          "name": "36475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36475"
        },
        {
          "name": "oval:org.mitre.oval:def:10114",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20090812.txt"
        },
        {
          "name": "45047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45047"
        },
        {
          "name": "36032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2417",
    "datePublished": "2009-08-14T15:00:00",
    "dateReserved": "2009-07-09T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}