cURL/libcURL Remote Input Validation Vulnerability
Medium Log Correlation Engine Plugin ID 801396
Synopsis
The cURL program is a library and command-line tool for transferring data using various protocols, including HTTP, FTP, and LDAP. A vulnerable version of cURL was detected from the host.
Description
An input validation vulnerability occurs when the application fails to properly sanitize a user-supplied file path part of a URL before passing it to the protocol-specific code. A remote attacker could exploit this issue to execute arbitrary code in the context of the affected application. (CVE-2012-0036)
Affected versions include versions 7.20.0 through 7.23.1.
Solution
Upgrade the affected packages; the next version of cURL that fixes the issue is cURL 7.24.0.
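The following is an added example, not the plugin's own detection logic: it flags access-log entries whose User-Agent advertises a cURL or libcURL version inside the affected range stated above (7.20.0 through 7.23.1). It assumes combined-format web server logs with the User-Agent as the last quoted field; the log lines, addresses and function names are constructed for illustration.

```python
import re

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = (7, 20, 0)
AFFECTED_MAX = (7, 23, 1)

# Matches "curl/7.21.0" and "libcurl/7.21.0". The word boundary stops a
# token such as "PycURL/7.19.0" from matching on its "curl/" suffix.
TOKEN = re.compile(r"\b(?:lib)?curl/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# Assumption: the User-Agent is the last double-quoted field on the line.
UA_FIELD = re.compile(r'"([^"]*)"\s*$')

def affected_versions(user_agent):
    """Return the sorted, de-duplicated affected versions named in a UA string."""
    found = {tuple(int(p) for p in m.groups()) for m in TOKEN.finditer(user_agent)}
    hits = sorted(v for v in found if AFFECTED_MIN <= v <= AFFECTED_MAX)
    return [".".join(str(p) for p in v) for v in hits]

def scan(lines):
    """Return (client address, [affected versions]) for each flagged log line."""
    findings = []
    for line in lines:
        ua = UA_FIELD.search(line)
        if not ua:
            continue  # malformed line or no quoted User-Agent field
        hits = affected_versions(ua.group(1))
        if hits:
            findings.append((line.split(" ", 1)[0], hits))
    return findings

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = '''\
192.0.2.10 - - [10/Feb/2012:10:00:01 +0000] "GET /a HTTP/1.1" 200 512 "-" "curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o"
192.0.2.11 - - [10/Feb/2012:10:00:02 +0000] "GET /a HTTP/1.1" 200 512 "-" "curl/7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0"
192.0.2.12 - - [10/Feb/2012:10:00:03 +0000] "GET /a HTTP/1.1" 200 512 "-" "curl/7.19.7 (i686-pc-linux-gnu) libcurl/7.19.7"
198.51.100.5 - - [10/Feb/2012:10:00:04 +0000] "GET /b HTTP/1.1" 200 99 "-" "PycURL/7.19.0 libcurl/7.23.1"
198.51.100.6 - - [10/Feb/2012:10:00:05 +0000] "GET /b HTTP/1.1" 200 99 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.14 - - [10/Feb/2012:10:00:06 +0000] "GET /c HTTP/1.1" 200 10 "-" "curl/7.20.0"
'''.splitlines()

if __name__ == "__main__":
    for client, versions in scan(SAMPLE_LOG):
        print(f"{client}: affected cURL/libcURL {', '.join(versions)}")
```

The User-Agent is set by the client and applications that embed libcURL often replace it, so a clean result here does not rule out an affected library on the host; confirm against the installed package version.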