| Severity | CVSS | Description | Affected range |
|---|---|---|---|
| | | | from 0, < 8.4.0-r0 |
| | | | from 0, < 7.80.0-r4 |
| CRITICAL | 9.8 | CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a re… | from 0, < 7.79.1-r2 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.59.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.66.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.66.0-r0 |
| CRITICAL | 9.8 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. | from 0, < 7.64.0-r0 |
| CRITICAL | 9.8 | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. | from 0, < 7.62.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.62.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.61.1-r0 |
| CRITICAL | 9.8 | The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled i… | from 0, < 7.51.0-r0 |
| CRITICAL | 9.8 | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | from 0, < 7.51.0-r0 |
| CRITICAL | 9.8 | The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. | from 0, < 7.51.0-r0 |
| CRITICAL | 9.8 | The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` m… | from 0, < 7.51.0-r0 |
| CRITICAL | 9.8 | Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable b… | from 0, < 7.61.0-r0 |
| CRITICAL | 9.8 | curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and… | from 0, < 7.60.0-r0 |
| CRITICAL | 9.8 | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS b… | from 0, < 7.52.1-r0 |
| CRITICAL | 9.8 | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash… | from 0, < 7.57.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.57.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.57.0-r0 |
| CRITICAL | 9.8 | curl - security update | from 0, < 7.50.3-r0 |
| CRITICAL | 9.1 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multi… | from 0, < 7.79.1-r5 |
| CRITICAL | 9.1 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already free… | from 0, < 7.79.0-r0 |
| CRITICAL | 9.1 | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in… | from 0, < 7.62.0-r0 |
| CRITICAL | 9.1 | curl - security update | from 0, < 7.60.0-r0 |
| CRITICAL | 9.1 | A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a deni… | from 0, < 7.59.0-r0 |
| CRITICAL | 9.1 | libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. | from 0, < 7.58.0-r0 |
| CRITICAL | 9.1 | curl - security update | from 0, < 7.56.1-r0 |
| HIGH | 8.8 | curl - security update | from 0, < 8.0.1-r0 |
| HIGH | 8.8 | curl - security update | from 0, < 8.0.1-r0 |
| HIGH | 8.6 | When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maxim… | from 0, < 8.7.1-r0 |
| HIGH | 8.1 | curl before 7.86.0 has a double free. | from 0, < 7.80.0-r4 |
| HIGH | 8.1 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--r… | from 0, < 7.83.1-r0 |
| HIGH | 8.1 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connect… | from 0, < 7.79.1-r1 |
| HIGH | 8.1 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session… | from 0, < 7.77.0-r0 |
| HIGH | 8.1 | curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. | from 0, < 7.52.1-r0 |
| HIGH | 8.1 | curl - security update | from 0, < 7.52.1-r0 |
| HIGH | 8.1 | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS b… | from 0, < 7.52.1-r0 |
| HIGH | 8.1 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified oth… | from 0, < 7.50.1-r0 |
| HIGH | 7.8 | curl - security update | from 0, < 7.66.0-r1 |
| HIGH | 7.8 | curl - security update | from 0, < 7.65.0-r0 |
| HIGH | 7.5 | Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy… | from 0, < 8.20.0-r0 |
| HIGH | 7.5 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. | from 0, < 8.20.0-r0 |
| HIGH | 7.5 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. | from 0, < 8.19.0-r0 |
| HIGH | 7.5 | curl - security update | from 0, < 8.14.1-r2 |
| HIGH | 7.5 | Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in… | from 0, < 8.14.1-r0 |
| HIGH | 7.5 | libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. | from 0, < 8.9.0-r0 |
| HIGH | 7.5 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. | from 0, < 8.3.0-r0 |
| HIGH | 7.5 | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA… | from 0, < 8.1.0-r0 |
| HIGH | 7.5 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. | from 0, < 7.79.1-r4 |
| HIGH | 7.5 | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. | from 0, < 7.80.0-r4 |
| HIGH | 7.5 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse… | from 0, < 7.79.1-r2 |
| HIGH | 7.5 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Du… | from 0, < 7.79.1-r2 |
| HIGH | 7.5 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *differen… | from 0, < 7.80.0-r2 |
| HIGH | 7.5 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connec… | from 0, < 7.79.1-r1 |
| HIGH | 7.5 | curl - security update | from 0, < 7.79.0-r0 |
| HIGH | 7.5 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. | from 0, < 7.67.0-r5 |
| HIGH | 7.5 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP respo… | from 0, < 7.66.0-r3 |
| HIGH | 7.5 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | from 0, < 7.66.0-r3 |
| HIGH | 7.5 | curl - security update | from 0, < 7.66.0-r2 |
| HIGH | 7.5 | curl - security update | from 0, < 7.66.0-r1 |
| HIGH | 7.5 | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. | from 0, < 7.64.0-r0 |
| HIGH | 7.5 | curl - security update | from 0, < 7.64.0-r0 |
| HIGH | 7.5 | curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and… | from 0, < 7.51.0-r0 |
| HIGH | 7.5 | A flaw was found in curl before version 7.51.0. | from 0, < 7.51.0-r0 |
| HIGH | 7.5 | curl - security update | from 0, < 7.51.0-r0 |
| HIGH | 7.5 | The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit sho… | from 0, < 7.51.0-r0 |
| HIGH | 7.5 | curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, an… | from 0, < 7.51.0-r0 |
| HIGH | 7.5 | In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had change… | from 0, < 7.54.0-r0 |
| HIGH | 7.5 | A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of… | from 0, < 7.59.0-r0 |
| HIGH | 7.5 | curl - security update | from 0, < 7.55.0-r1 |
| HIGH | 7.5 | curl - security update | from 0, < 7.50.2-r0 |
| HIGH | 7.5 | curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote atta… | from 0, < 7.50.1-r0 |
| HIGH | 7.5 | curl - security update | from 0, < 7.50.1-r0 |
| HIGH | 7.3 | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,… | from 0, < 8.12.0-r0 |
| HIGH | 7.0 | libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded… | from 0, < 8.12.0-r0 |
| HIGH | 7.0 | The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at leas… | from 0, < 7.51.0-r0 |
| MEDIUM | 6.5 | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenti… | from 0, < 8.20.0-r0 |
| MEDIUM | 6.5 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials fo… | from 0, < 8.19.0-r0 |
| MEDIUM | 6.5 | libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. | from 0, < 8.19.0-r0 |
| MEDIUM | 6.5 | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the UR… | from 0, < 8.14.0-r0 |
| MEDIUM | 6.5 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or late… | from 0, < 8.11.0-r0 |
| MEDIUM | 6.5 | curl - security update | from 0, < 8.10.0-r0 |
| MEDIUM | 6.5 | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. | from 0, < 8.9.1-r0 |
| MEDIUM | 6.5 | libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. | from 0, < 8.7.1-r0 |
| MEDIUM | 6.5 | curl - security update | from 0, < 8.5.0-r0 |
| MEDIUM | 6.5 | curl - security update | from 0, < 7.79.1-r5 |
| MEDIUM | 6.5 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incor… | from 0, < 7.79.1-r5 |
| MEDIUM | 6.5 | curl can be told to parse a `.netrc` file for credentials. | from 0, < 7.86.0-r0 |
| MEDIUM | 6.5 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentiall… | from 0, < 7.79.1-r2 |
| MEDIUM | 6.5 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redire… | from 0, < 7.79.1-r1 |
| MEDIUM | 6.5 | When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML… | from 0, < 7.78.0-r0 |
| MEDIUM | 6.5 | curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificat… | from 0, < 7.53.0-r0 |
| MEDIUM | 6.5 | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence o… | from 0, < 7.55.0-r0 |
| MEDIUM | 6.5 | curl - security update | from 0, < 7.55.0-r0 |
| MEDIUM | 6.5 | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. | from 0, < 7.55.0-r0 |
| MEDIUM | 6.3 | When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them… | from 0, < 8.19.0-r0 |
| MEDIUM | 6.3 | libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. | from 0, < 8.7.1-r0 |
| MEDIUM | 6.1 | dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | from 0, < 7.64.0-r0 |
| MEDIUM | 5.9 | curl might erroneously pass on credentials for a first proxy to a second proxy. | from 0, < 8.20.0-r0 |
| MEDIUM | 5.9 | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. | from 0, < 8.20.0-r0 |
| MEDIUM | 5.9 | When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the ser… | from 0, < 0 |
| MEDIUM | 5.9 | curl - security update | from 0, < 8.1.0-r0 |
| MEDIUM | 5.9 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, s… | from 0, < 8.1.0-r0 |
| MEDIUM | 5.9 | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | from 0, < 8.0.1-r0 |
| MEDIUM | 5.9 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connect… | from 0, < 8.0.1-r0 |
| MEDIUM | 5.9 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials be… | from 0, < 8.0.1-r0 |
| MEDIUM | 5.9 | A use after free vulnerability exists in curl <7.87.0. | from 0, < 7.79.1-r4 |
| MEDIUM | 5.9 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. | from 0, < 7.79.1-r2 |
| MEDIUM | 5.9 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server… | from 0, < 7.79.0-r0 |
| MEDIUM | 5.9 | A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and pas… | from 0, < 7.51.0-r0 |
| MEDIUM | 5.7 | curl - security update | from 0, < 7.79.1-r1 |
| MEDIUM | 5.5 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite th… | from 0, < 8.0.1-r0 |
| MEDIUM | 5.3 | Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the prox… | from 0, < 8.20.0-r0 |
| MEDIUM | 5.3 | When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server cert… | from 0, < 8.20.0-r0 |
| MEDIUM | 5.3 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first hos… | from 0, < 8.20.0-r0 |
| MEDIUM | 5.3 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that to… | from 0, < 8.19.0-r0 |
| MEDIUM | 5.3 | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting… | from 0, < 0 |
| MEDIUM | 5.3 | When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could acci… | from 0, < 8.19.0-r0 |
| MEDIUM | 5.3 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses… | from 0, < 8.19.0-r0 |
| MEDIUM | 5.3 | curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. | from 0, < 8.14.1-r2 |
| MEDIUM | 5.3 | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | from 0, < 8.6.0-r0 |
| MEDIUM | 5.3 | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file… | from 0, < 8.5.0-r0 |
| MEDIUM | 5.3 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to r… | from 0, < 7.83.1-r0 |
| MEDIUM | 5.3 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. | from 0, < 7.67.0-r5 |
| MEDIUM | 5.3 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file,… | from 0, < 7.79.0-r0 |
| MEDIUM | 5.3 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST… | from 0, < 0 |
| MEDIUM | 5.3 | curl - security update | from 0, < 7.76.0-r0 |
| MEDIUM | 4.8 | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. | from 0, < 8.14.0-r0 |
| MEDIUM | 4.3 | curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mecha… | from 0, < 8.17.0-r0 |
| MEDIUM | 4.3 | libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. | from 0, < 8.9.0-r0 |
| MEDIUM | 4.3 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. | from 0, < 7.79.1-r2 |
| MEDIUM | 4.3 | Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is pro… | from 0, < 7.83.1-r0 |
| LOW | 3.7 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. | from 0, < 8.4.0-r0 |
| LOW | 3.7 | curl - security update | from 0, < 8.1.0-r0 |
| LOW | 3.7 | When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes that when later are sent back… | from 0, < 7.79.1-r3 |
| LOW | 3.7 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to er… | from 0, < 7.78.0-r0 |
| LOW | 3.7 | curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of… | from 0, < 7.76.0-r0 |
| LOW | 3.7 | curl - security update | from 0, < 7.79.0-r0 |
| LOW | 3.7 | An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | from 0, < 7.65.0-r0 |
| LOW | 3.5 | When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the… | from 0, < 8.7.1-r0 |
| LOW | 3.4 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to… | from 0, < 8.12.0-r0 |
| LOW | 3.4 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host t… | from 0, < 8.11.1-r0 |
| LOW | 3.1 | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authen… | from 0, < 0 |
| LOW | 3.1 | curl - security update | from 0, < 7.66.0-r4 |
| LOW | 2.4 | curl - security update | from 0, < 7.53.1-r2 |
| — | | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in th… | from 0, < 7.36.0-r0 |
| — | | curl - security update | from 0, < 7.36.0-r0 |