CURL-CVE-2014-8150

Source
https://curl.se/docs/CVE-2014-8150.html
Import Source
https://curl.se/docs/CURL-CVE-2014-8150.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2014-8150
Aliases
Published
2015-01-08T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
URL request injection
Details

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends if off.

If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.

Many programs allow some kind of external sources to set the URL or provide partial pieces for the URL to ask for, and if the URL as received from the user is not stripped good enough this flaw allows malicious users to do additional requests in a way that was not intended, or just to insert request headers into the request that the program did not intend.

Database specific
{
    "CWE": {
        "id": "CWE-444",
        "desc": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2014-8150.json",
    "severity": "High",
    "www": "https://curl.se/docs/CVE-2014-8150.html",
    "last_affected": "7.39.0"
}
References
Credits
    • Andrey Labunets (Facebook) - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
6.0
Fixed
7.40.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

6.*

6.0
6.1
6.2
6.3
6.3.1
6.4
6.5
6.5.1
6.5.2

7.*

7.1
7.1.1
7.10
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.2
7.2.1
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.3
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.4
7.4.1
7.4.2
7.5
7.5.1
7.5.2
7.6
7.6.1
7.7
7.7.1
7.7.2
7.7.3
7.8
7.8.1
7.9
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.9.8