
cURL/libcURL Remote Input Validation Vulnerability

High

Synopsis

The cURL program is a library and command-line tool for transferring data using various protocols, including HTTP, FTP, and LDAP. A vulnerable version of cURL was detected on the host.

Description

An input validation vulnerability occurs when the application fails to properly sanitize the user-supplied file path part of a URL before passing it to the protocol-specific code. A remote attacker could exploit this issue to execute arbitrary code in the context of the affected application. (CVE-2012-0036)

Affected versions include versions 7.20.0 through 7.23.1.

Solution

Upgrade the affected packages; the next version of cURL that fixes the issue is cURL 7.24.0.
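
To confirm whether a host falls in the affected range above, the following added example (not part of the original advisory or of the cURL project) classifies the versions reported by the first line of `curl --version`. The function names `ver_key`, `is_affected` and `check_banner` are this example's own, and the sample banner is constructed.

```sh
#!/bin/sh
# Added example: version triage for the range in this advisory
# (affected 7.20.0 through 7.23.1, fixed in 7.24.0).
# Caveat: distribution packages may backport the fix without changing the
# upstream version string, so confirm a hit against the vendor's changelog.

# ver_key X.Y.Z -> single integer, so 7.3.0 sorts below 7.20.0 (numeric, not lexical).
# awk's numeric conversion ignores suffixes such as "-DEV".
ver_key() {
    printf '%s\n' "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }'
}

# is_affected X.Y.Z: exit status 0 if the version is inside the affected range.
is_affected() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key 7.20.0)" ] && [ "$k" -le "$(ver_key 7.23.1)" ]
}

# check_banner LINE: LINE is the first line of `curl --version`.
# The tool and the libcurl it is linked against are reported separately,
# because they can differ. Returns 0 if either one is affected.
check_banner() {
    tool=$(printf '%s\n' "$1" | awk '$1 == "curl" { print $2 }')
    lib=$(printf '%s\n' "$1" | sed -n 's/.*libcurl\/\([0-9][0-9.]*\).*/\1/p')
    hit=1
    for pair in "curl:$tool" "libcurl:$lib"; do
        name=${pair%%:*}
        ver=${pair#*:}
        [ -n "$ver" ] || continue
        if is_affected "$ver"; then
            echo "$name $ver: AFFECTED, upgrade to 7.24.0 or later"
            hit=0
        else
            echo "$name $ver: outside 7.20.0 through 7.23.1"
        fi
    done
    return $hit
}

# Constructed sample banner (not captured from a real host).
# On a live system: check_banner "$(curl --version | head -n 1)"
SAMPLE='curl 7.24.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4'
check_banner "$SAMPLE" || true
```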