cURL/libcURL Remote Input Validation Vulnerability
PVS ID: 6903 FAMILY: Web Clients RISK: MEDIUM NESSUS ID: 57897
Description: Synopsis:

The cURL program is a library and command-line tool for transferring data using various protocols, including HTTP, FTP, and LDAP. A vulnerable version of cURL was detected from the host.

An input validation vulnerability occurs when the application fails to properly sanitize a user-supplied file path part of a URL before passing it to the protocol-specific code. A remote attacker could exploit this issue to execute arbitrary code in the context of the affected application. (CVE-2012-0036)

Affected versions include versions 7.20.0 through 7.23.1. For your information, the detected associated user-agent was:
%L

Solution: Upgrade the affected packages; the next version of cURL that fixes the issue is cURL 7.24.0.

CVE-2012-0036


Copyright Tenable Network Security Inc. 2013