Unrated severity · NVD Advisory · Published Apr 13, 2012 · Updated Apr 29, 2026
CVE-2012-0036
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
Affected products (26)
- cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*
Patches
- 75ca568fa1c1
References (15)
- curl.haxx.se/curl-url-sanitize.patch (nvd, Patch)
- curl.haxx.se/docs/adv_20120124.html (nvd, Vendor Advisory)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- lists.apple.com/archives/security-announce/2012/May/msg00001.html (nvd)
- secunia.com/advisories/48256 (nvd)
- security.gentoo.org/glsa/glsa-201203-02.xml (nvd)
- support.apple.com/kb/HT5281 (nvd)
- www.debian.org/security/2012/dsa-2398 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (nvd)
- www.securityfocus.com/bid/51665 (nvd)
- www.securitytracker.com/id/1032924 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238 (nvd)
- h20566.www2.hpe.com/hpsc/doc/public/display (nvd)