CVE-2012-0036

Name of the Vulnerable Software and Affected Versions curl versions prior to 7.24.0

Description The issue concerns the improper handling of special characters during pathname extraction from URLs, allowing remote attackers to conduct data-injection attacks. This can be exploited through crafted URLs, potentially affecting protocols such as IMAP, POP3, and SMTP. The vulnerability can lead to data injection attacks, including CRLF injection, which may result in unintended actions, such as deleting messages or sending unintended emails.

Recommendations For versions prior to 7.24.0, update to version 7.24.0 or later to resolve the issue. As a temporary workaround, consider restricting user input for URLs to prevent maliciously crafted URLs from being processed. Additionally, restrict access to vulnerable protocols such as IMAP, POP3, and SMTP until the update is applied.