CVE-2014-8150 : CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when usin

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Published 2015-01-15 15:59:06

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-8150

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.26.0
cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.28.1
cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.27.0
cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.28.0
cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.8.1
cpe:2.3:a:haxx:libcurl:7.8.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9
cpe:2.3:a:haxx:libcurl:7.9:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.7
cpe:2.3:a:haxx:libcurl:7.9.7:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.8
cpe:2.3:a:haxx:libcurl:7.9.8:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.7
cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.8
cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.7
cpe:2.3:a:haxx:libcurl:7.7:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.1
cpe:2.3:a:haxx:libcurl:7.9.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.2
cpe:2.3:a:haxx:libcurl:7.9.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10
cpe:2.3:a:haxx:libcurl:7.10:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.1
cpe:2.3:a:haxx:libcurl:7.10.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.11.0
cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.11.1
cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.13.1
cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.13.2
cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.4
cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.5
cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.16.0
cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.18.0
cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.18.1
cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.5
cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.6
cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.4
cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.5
cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.25.0
cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.12.3
cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.13.0
cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.2
cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.3
cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.17.0
cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.17.1
cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.3
cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.4
cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.1
cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.2
cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.3
cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.23.1
cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.24.0
cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.30.0
cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.7.1
cpe:2.3:a:haxx:libcurl:7.7.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.7.2
cpe:2.3:a:haxx:libcurl:7.7.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.3
cpe:2.3:a:haxx:libcurl:7.9.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.4
cpe:2.3:a:haxx:libcurl:7.9.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.2
cpe:2.3:a:haxx:libcurl:7.10.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.3
cpe:2.3:a:haxx:libcurl:7.10.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.4
cpe:2.3:a:haxx:libcurl:7.10.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.11.2
cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.12.0
cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.14.0
cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.14.1
cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.16.1
cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.16.2
cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.18.2
cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.0
cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.7
cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.20.0
cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.6
cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.7
cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.7.3
cpe:2.3:a:haxx:libcurl:7.7.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.8
cpe:2.3:a:haxx:libcurl:7.8:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.5
cpe:2.3:a:haxx:libcurl:7.9.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.9.6
cpe:2.3:a:haxx:libcurl:7.9.6:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.5
cpe:2.3:a:haxx:libcurl:7.10.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.10.6
cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.12.1
cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.12.2
cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.0
cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.15.1
cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.16.3
cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.16.4
cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.1
cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.19.2
cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.20.1
cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.21.0
cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.22.0
cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.23.0
cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.29.0
cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.31.0
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.32.0
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.33.0
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.34.0
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.35.0
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.36.0
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.37.0
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.37.1
cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.38.0
cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.4
cpe:2.3:a:haxx:libcurl:6.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.5
cpe:2.3:a:haxx:libcurl:6.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.5.1
cpe:2.3:a:haxx:libcurl:7.5.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.5
cpe:2.3:a:haxx:libcurl:7.5:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.1
cpe:2.3:a:haxx:libcurl:7.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.1 Update Beta
cpe:2.3:a:haxx:libcurl:6.1:beta:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.1
cpe:2.3:a:haxx:libcurl:6.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.2
cpe:2.3:a:haxx:libcurl:6.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.39
cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.6.1
cpe:2.3:a:haxx:libcurl:7.6.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.4
cpe:2.3:a:haxx:libcurl:7.4:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.3
cpe:2.3:a:haxx:libcurl:7.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.3
cpe:2.3:a:haxx:libcurl:6.3:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.3.1
cpe:2.3:a:haxx:libcurl:6.3.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.0
cpe:2.3:a:haxx:libcurl:6.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.5.1
cpe:2.3:a:haxx:libcurl:6.5.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 6.5.2
cpe:2.3:a:haxx:libcurl:6.5.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.6
cpe:2.3:a:haxx:libcurl:7.6:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.5.2
cpe:2.3:a:haxx:libcurl:7.5.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.2.1
cpe:2.3:a:haxx:libcurl:7.2.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.2
cpe:2.3:a:haxx:libcurl:7.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.1.1
cpe:2.3:a:haxx:libcurl:7.1.1:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.4.2
cpe:2.3:a:haxx:libcurl:7.4.2:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl » Version: 7.4.1
cpe:2.3:a:haxx:libcurl:7.4.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8150

EPSS FAQ

3.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8150

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2014-8150

http://www.debian.org/security/2015/dsa-3122

Debian -- Security Information -- DSA-3122-1 curl
https://security.gentoo.org/glsa/201701-47

cURL: Multiple vulnerabilities (GLSA 201701-47) — Gentoo security

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html

[SECURITY] Fedora 20 Update: curl-7.32.0-18.fc20
http://curl.haxx.se/docs/adv_20150108B.html

curl - URL request injection - CVE-2014-8150
Vendor Advisory
http://www.ubuntu.com/usn/USN-2474-1

USN-2474-1: curl vulnerability | Ubuntu security notices
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html

[SECURITY] Fedora 21 Update: curl-7.37.0-12.fc21
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

Juniper Networks - 2016-04 Security Bulletin: Junos: Multiple vulnerabilities in cURL and libcurl

CVEs referencing this url
https://support.apple.com/kb/HT205031

About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1254.html

RHSA-2015:1254 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Oracle Linux Bulletin - October 2015

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10131

McAfee Security Bulletin: McAfee Agent patch fixes three Libcurl vulnerabilities

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

[SECURITY] Fedora 22 Update: mingw-curl-7.42.0-1.fc22

CVEs referencing this url
http://advisories.mageia.org/MGASA-2015-0020.html

Mageia Advisory: MGASA-2015-0020 - Updated curl packages fix CVE-2014-8150
http://secunia.com/advisories/61925

Sign in

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Apple - Lists.apple.com

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2015:021

mandriva.com
http://www.securitytracker.com/id/1032768

IBM Tivoli Composite Application Manager libcurl Bug Lets Remote Authenticated Users Conduct HTTP Response Splitting Attacks - SecurityTracker
http://secunia.com/advisories/62075

Sign in
http://secunia.com/advisories/62361

Sign in
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Oracle Critical Patch Update - October 2015

CVEs referencing this url
http://www.securityfocus.com/bid/71964

cURL/libcURL CVE-2014-8150 Remote Security Bypass Vulnerability
http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html

openSUSE-SU-2015:0248-1: moderate: Security update for curl

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8150

Products affected by CVE-2014-8150

Exploit prediction scoring system (EPSS) score for CVE-2014-8150

CVSS scores for CVE-2014-8150

References for CVE-2014-8150