curl: CRLF injection in libcurl’s SMTP client via --mail-from and --mail-rcpt allows SMTP command smuggling

Security Update News

Update Information

Title curl: CRLF injection in libcurl’s SMTP client via --mail-from and --mail-rcpt allows SMTP command smuggling
Update ID H1:3235428
Type hackerone
Published 2025-07-03T05:49:06
Last Updated 2025-07-03T22:57:44

Security Impact

Severity NONE

AI Analysis

AI Description A vulnerability in libcurl’s SMTP client allows CRLF injection via the --mail-from and --mail-rcpt options, enabling SMTP command smuggling. This could allow attackers to inject malicious commands into the SMTP stream, potentially leading to unauthorized email sending or interference with email communications. The issue is related to improper handling of CRLF sequences in the affected options.
AI Severity High
AI Vendor curl project
AI Product libcurl
AI Version various versions

Update Details

Vulnerability description not provided
