{"id":"CURL-CVE-2010-3842","summary":"local file overwrite","details":"curl offers a command line option --remote-header-name (also usable as -J)\nwhich uses the filename of the Content-disposition: header when it saves the\ndownloaded data locally.\n\ncurl attempts to cut off the directory parts from any given filename in the\nheader to only store files in the current directory. It might overwrite a\nlocal file using the same name as the header specifies.\n\nThe stripping of the directory did not take backslashes into account. On\nsome operating systems, backslashes are used to separate directories and\nfilenames. This allows a rogue server to send back a response that\noverwrites a filename in the local machine that the user is allowed to\nwrite, potentially a system file, a command or a known executable.\n\nOperating systems affected include Windows, Netware, MSDOS, OS/2 and\nSymbian.\n\nThis error is only present in the curl command line tool, it is NOT a\nproblem of the library libcurl.","aliases":["CVE-2010-3842"],"modified":"2026-05-27T02:29:32.104353Z","published":"2010-10-13T08:00:00Z","database_specific":{"severity":"High","CWE":{"id":"CWE-30","desc":"Path Traversal"},"package":"curl","last_affected":"7.21.1","affects":"tool","www":"https://curl.se/docs/CVE-2010-3842.html","URL":"https://curl.se/docs/CVE-2010-3842.json"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.20.0"},{"fixed":"7.21.2"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"80675818e0417be8c991513b328c5507e93b47e5"},{"fixed":"81f151c912105ded480c3c88a1be53ca345298a1"}]}],"versions":["7.21.1","7.21.0","7.20.1","7.20.0","curl-7_21_1","curl-7_21_0","curl-7_20_1","curl-7_20_0"],"database_specific":{"vanir_signatures_modified":"2026-05-27T02:29:32Z","source":"https://curl.se/docs/CURL-CVE-2010-3842.json","vanir_signatures":[{"digest":{"length":713,"function_hash":"113905634619107869494585090424042333659"},"deprecated":false,"signature_type":"Function","signature_version":"v1","id":"CURL-CVE-2010-3842-a8357723","source":"https://github.com/curl/curl.git/commit/81f151c912105ded480c3c88a1be53ca345298a1","target":{"file":"src/main.c","function":"parse_filename"}}]}}],"schema_version":"1.7.5","credits":[{"name":"Dan Fandrich","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}