curl offers a command line option, --remote-header-name (also usable as -J), that takes the filename from the Content-Disposition: header and uses it when saving the downloaded data locally.
curl attempts to cut off the directory parts from any given filename in the header to only store files in the current directory. It might overwrite a local file using the same name as the header specifies.
The stripping of the directory did not take backslashes into account. On some operating systems, backslashes are used to separate directories and filenames. This allows a rogue server to send back a response that overwrites a file on the local machine that the user is allowed to write, potentially a system file, a command or a known executable.
Operating systems affected include Windows, Netware, MSDOS, OS/2 and Symbian.
This error is only present in the curl command line tool. It is NOT a problem in the library libcurl.
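The difference between slash-only stripping and stripping that also handles backslashes, as an added example (not curl's source code). The helper names and the sample filename values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour the advisory describes: only '/' counts as a separator.
   Hypothetical helper for illustration, not curl source. */
static const char *strip_dir_slash_only(const char *name)
{
  const char *p = strrchr(name, '/');
  return p ? p + 1 : name;
}

/* Hardened form: '/' and '\\' both end a directory part. */
static const char *strip_dir_both(const char *name)
{
  const char *base = name;
  const char *p;
  for(p = name; *p; p++)
    if(*p == '/' || *p == '\\')
      base = p + 1;
  return base;
}

/* Final check before opening the output file: 1 if the name can only
   refer to an entry in the current directory, 0 otherwise. */
static int is_plain_filename(const char *name)
{
  if(!*name || !strcmp(name, ".") || !strcmp(name, ".."))
    return 0;
  return strpbrk(name, "/\\") == NULL;
}

int main(void)
{
  /* Constructed filename values, as they might arrive in a header. */
  const char *samples[] = {
    "dir/report.txt", "..\\..\\report.txt", "a/b\\report.txt", "sub\\"
  };
  size_t i;
  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    const char *weak = strip_dir_slash_only(samples[i]);
    const char *safe = strip_dir_both(samples[i]);
    printf("%-20s slash-only: %-20s [%s]  both: %-12s [%s]\n",
           samples[i], weak, is_plain_filename(weak) ? "ok" : "REJECT",
           safe, is_plain_filename(safe) ? "ok" : "REJECT");
  }
  return 0;
}
```

Running the final `is_plain_filename` check on whatever name the stripping step returns catches any separator the stripping logic missed, as well as an empty result.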
{ "CWE": { "id": "CWE-30", "desc": "Path Traversal" }, "URL": "https://curl.se/docs/CVE-2010-3842.json", "affects": "tool", "package": "curl", "severity": "High", "www": "https://curl.se/docs/CVE-2010-3842.html", "last_affected": "7.21.1" }