CVE-2010-3842

Publication date 28 October 2010

Last updated 24 July 2024

Ubuntu priority

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
curl	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	9.10 karmic	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

from curl advisory: Operating systems affected include Windows, Netware, MSDOS, OS/2 and Symbian.

References

MITRE
NVD
Launchpad
Debian

Other references

http://curl.haxx.se/docs/adv_20101013.html
https://www.cve.org/CVERecord?id=CVE-2010-3842