PT-2016-4402 · Curl · Curl
Jay +1 · Published 2016-01-27 · Updated 2016-02-17 · CVE-2016-0754
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
cURL versions prior to 7.47.0
Description
The issue allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. This is because cURL does not sanitize colons in a remote filename that is used as the local filename, which may lead to a vulnerability on systems where the colon is a special path character, currently applicable only to Windows. When using command line options --remote-name and --remote-header-name together, cURL writes its output to a server-provided filename without sanitizing colons, potentially allowing writing to a file in the working directory of a drive that is not the current drive or to a file's alternate data stream.
Recommendations
For versions prior to 7.47.0, update to version 7.47.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -OJ options together when the server provides a remote filename, and be cautious when using the -O option without -J, as cURL may write output to a filename based solely on the remote filename in the URL string provided by the user. Restrict access to sensitive files and directories to minimize the risk of exploitation.
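A tool that saves downloads under a server-provided name can apply the missing check itself. The following is an added example, not cURL's own code and not part of the original advisory: the helper name `safe_local_name` and the choice to replace colons with underscores are assumptions made for illustration, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not cURL's code): derive a safe local file name
 * from a server-provided name. Returns 0 on success, -1 if rejected. */
int safe_local_name(const char *remote, char *out, size_t outlen)
{
    const char *base = remote;
    size_t i, n;

    /* Keep only the last path component; treat both separators as such. */
    for (const char *p = remote; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;

    n = strlen(base);
    if (n == 0 || n >= outlen)
        return -1;

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)base[i];
        if (c < 0x20)
            return -1;              /* control characters: reject outright */
        /* ':' selects a drive ("D:name") or an alternate data stream
         * ("name:stream") on Windows, so it never reaches the file system. */
        out[i] = (c == ':') ? '_' : (char)c;
    }
    out[n] = '\0';

    /* "." and ".." are directory references, not file names. */
    if (strcmp(out, ".") == 0 || strcmp(out, "..") == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample names, as a server might supply them. */
    const char *samples[] = { "report.pdf", "D:report.pdf",
                              "notes.txt:hidden", "dir/../x:y", "..", "" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (safe_local_name(samples[i], buf, sizeof buf) == 0)
            printf("%-18s -> %s\n", samples[i], buf);
        else
            printf("%-18s -> rejected\n", samples[i]);
    }
    return 0;
}
```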
Fix
RCE
Path traversal
Affected products
Curl