CVE-2014-8150

Publication date 8 January 2015

Last updated 24 July 2024

Ubuntu priority

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
curl	14.10 utopic	Fixed 7.37.1-1ubuntu3.2
	14.04 LTS trusty	Fixed 7.35.0-1ubuntu2.3
	12.04 LTS precise	Fixed 7.22.0-3ubuntu4.12
	10.04 LTS lucid	Fixed 7.19.7-1ubuntu1.11

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
curl	Upstream: http://curl.haxx.se/CVE-2014-8150.patch Upstream: 178bd7d Upstream: 3df8e78

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2474-1
curl vulnerability
15 January 2015

Other references

http://curl.haxx.se/docs/adv_20150108B.html
https://www.cve.org/CVERecord?id=CVE-2014-8150