CVE-2012-0036 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
curl	curl	7.20.0
curl	curl	7.20.1
curl	curl	7.21.0
curl	curl	7.21.1
curl	curl	7.21.2
curl	curl	7.21.3
curl	curl	7.21.4
curl	curl	7.21.5
curl	curl	7.21.6
curl	curl	7.21.7
curl	curl	7.22.0
curl	curl	7.23.0
curl	curl	7.23.1
curl	libcurl	7.20.0
curl	libcurl	7.20.1
curl	libcurl	7.21.0
curl	libcurl	7.21.1
curl	libcurl	7.21.2
curl	libcurl	7.21.3
curl	libcurl	7.21.4
curl	libcurl	7.21.5
curl	libcurl	7.21.6
curl	libcurl	7.21.7
curl	libcurl	7.22.0
curl	libcurl	7.23.0
curl	libcurl	7.23.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

curl

bullseye	7.74.0-1.3+deb11u13 fixed
lenny	not-affected
bullseye (security)	7.74.0-1.3+deb11u11 fixed
bookworm	7.88.1-10+deb12u7 fixed
bookworm (security)	7.88.1-10+deb12u5 fixed
sid	8.10.1-2 fixed
trixie	8.10.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

curl

oneiric	Fixed 7.21.6-3ubuntu3.2 released
natty	Fixed 7.21.3-1ubuntu1.5 released
maverick	Fixed 7.21.0-1ubuntu1.3 released
lucid	not-affected
hardy	not-affected

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://curl.haxx.se/curl-url-sanitize.patch

http://curl.haxx.se/docs/adv_20120124.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://secunia.com/advisories/48256

http://security.gentoo.org/glsa/glsa-201203-02.xml

http://support.apple.com/kb/HT5281

http://www.debian.org/security/2012/dsa-2398

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/51665

http://www.securitytracker.com/id/1032924

https://bugzilla.redhat.com/show_bug.cgi?id=773457

https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us

http://curl.haxx.se/curl-url-sanitize.patch

http://curl.haxx.se/docs/adv_20120124.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://secunia.com/advisories/48256

http://security.gentoo.org/glsa/glsa-201203-02.xml

http://support.apple.com/kb/HT5281

http://www.debian.org/security/2012/dsa-2398

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/51665

http://www.securitytracker.com/id/1032924

https://bugzilla.redhat.com/show_bug.cgi?id=773457

https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us