CVE-2014-8150

Publication date 8 January 2015

Last updated 24 July 2024


Ubuntu priority

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Status

Package Ubuntu Release Status
curl 14.10 utopic
Fixed 7.37.1-1ubuntu3.2
14.04 LTS trusty
Fixed 7.35.0-1ubuntu2.3
12.04 LTS precise
Fixed 7.22.0-3ubuntu4.12
10.04 LTS lucid
Fixed 7.19.7-1ubuntu1.11

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
curl

References

Related Ubuntu Security Notices (USN)

Other references