Vulnerability identifier: #VU29290
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to overwrite files on the victim's system.
The vulnerability exists due to a logical error when processing
Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.
Install updates from vendor's website.
Vulnerable software versions
cURL: 7.20.0 - 7.70.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?