Unrated severityNVD Advisory· Published Apr 13, 2012· Updated Jun 16, 2026
CVE-2012-0036
CVE-2012-0036
Description
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:curl:7.23.1:*:*:*:*:*:*:*
- (no CPE)range: <7.24.0
cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:curl:libcurl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.23.1:*:*:*:*:*:*:*
- (no CPE)range: <7.24.0
Patches
Vulnerability mechanics
References
15- curl.haxx.se/curl-url-sanitize.patchnvdPatch
- curl.haxx.se/docs/adv_20120124.htmlnvdVendor Advisory
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.apple.com/archives/security-announce/2012/May/msg00001.htmlnvd
- secunia.com/advisories/48256nvd
- security.gentoo.org/glsa/glsa-201203-02.xmlnvd
- support.apple.com/kb/HT5281nvd
- www.debian.org/security/2012/dsa-2398nvd
- www.mandriva.com/security/advisoriesnvd
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
- www.securityfocus.com/bid/51665nvd
- www.securitytracker.com/id/1032924nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238nvd
- h20566.www2.hpe.com/hpsc/doc/public/displaynvd
News mentions
0No linked articles in our index yet.