CVE-2014-8150
Published: 8 January 2015
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Priority
Status
| Package | Release | Status |
|---|---|---|
| curl | lucid | Released (7.19.7-1ubuntu1.11) |
| curl | precise | Released (7.22.0-3ubuntu4.12) |
| curl | trusty | Released (7.35.0-1ubuntu2.3) |
| curl | upstream | Released (7.38.0-4) |
| curl | utopic | Released (7.37.1-1ubuntu3.2) |

Patches:

- upstream: http://curl.haxx.se/CVE-2014-8150.patch
- upstream: https://github.com/bagder/curl/commit/178bd7db34f77e020fb8562890c5625ccbd67093
- upstream: https://github.com/bagder/curl/commit/3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd