CVE-2013-1944

Publication date 12 April 2013

Last updated 24 July 2024


Ubuntu priority

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Status

Package Ubuntu Release Status
curl 12.10 quantal
Fixed 7.27.0-1ubuntu1.2
12.04 LTS precise
Fixed 7.22.0-3ubuntu4.1
11.10 oneiric
Fixed 7.21.6-3ubuntu3.3
10.04 LTS lucid
Fixed 7.19.7-1ubuntu1.2
8.04 LTS hardy
Fixed 7.18.0-1ubuntu2.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
curl

References

Related Ubuntu Security Notices (USN)

Other references