from 0, < 7.74.0-1.3+deb11u10
from 0, < 7.74.0-1.3+deb11u10
from 0, < 7.74.0-1.3+deb11u5
CRITICAL 9.8 curl - security update
from 0, < 7.74.0-1.3+deb11u5
CRITICAL 9.8 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a re…
from 0, < 7.74.0-1.3+deb11u2
CRITICAL 9.8 curl - security update
from 0, < 7.60.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.38.0-4+deb8u10
CRITICAL 9.8 curl - security update
from 0, < 7.26.0-1+wheezy25
CRITICAL 9.8 curl - security update
from 0, < 7.66.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.38.0-4+deb8u16
CRITICAL 9.8 curl - security update
from 0, < 7.66.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.52.1-5+deb9u10
CRITICAL 9.8 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
from 0, < 7.64.0-1
CRITICAL 9.8 A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.
from 0, < 7.62.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.62.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.52.1-5+deb9u8
CRITICAL 9.8 curl - security update
from 0, < 7.38.0-4+deb8u12
CRITICAL 9.8 curl - security update
from 0, < 7.62.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.52.1-5+deb9u7
CRITICAL 9.8 The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled i…
from 0, < 7.51.0-1
CRITICAL 9.8 The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
from 0, < 7.51.0-1
CRITICAL 9.8 The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.
from 0, < 7.51.0-1
CRITICAL 9.8 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` m…
from 0, < 7.51.0-1
CRITICAL 9.8 Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable b…
from 0, < 7.61.0-1
CRITICAL 9.8 curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and…
from 0, < 7.60.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.38.0-4+deb8u9
CRITICAL 9.8 curl - security update
from 0, < 7.26.0-1+wheezy24
CRITICAL 9.8 curl - security update
from 0, < 7.58.0-1
CRITICAL 9.8 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash…
from 0, < 7.57.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.57.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.26.0-1+wheezy23
CRITICAL 9.8 curl - security update
from 0, < 7.57.0-1
CRITICAL 9.8 curl - security update
from 0, < 7.38.0-4+deb8u8
CRITICAL 9.8 curl - security update
from 0, < 7.26.0-1+wheezy16
CRITICAL 9.8 curl - security update
from 0, < 7.51.0-1
CRITICAL 9.1 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multi…
from 0
CRITICAL 9.1 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already free…
from 0, < 7.74.0-1.3+deb11u2
CRITICAL 9.1 Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in…
from 0, < 7.62.0-1
CRITICAL 9.1 curl - security update
from 0, < 7.26.0-1+wheezy25+deb7u1
CRITICAL 9.1 curl - security update
from 0, < 7.60.0-1
CRITICAL 9.1 curl - security update
from 0, < 7.38.0-4+deb8u11
CRITICAL 9.1 A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a deni…
from 0, < 7.60.0-1
CRITICAL 9.1 libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers.
from 0, < 7.58.0-1
CRITICAL 9.1 curl - security update
from 0, < 7.26.0-1+wheezy22
CRITICAL 9.1 curl - security update
from 0, < 7.56.1-1
CRITICAL 9.1 curl - security update
from 0, < 7.38.0-4+deb8u7
HIGH 8.8 curl - security update
from 0, < 7.64.0-4+deb10u9
HIGH 8.8 curl - security update
from 0, < 7.74.0-1.3+deb11u8
HIGH 8.8 curl - security update
from 0, < 7.74.0-1.3+deb11u8
HIGH 8.8 curl - security update
from 0, < 7.64.0-4+deb10u6
HIGH 8.8 Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execut…
from 0, < 7.13.0-2
HIGH 8.6 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maxim…
from 0, < 7.74.0-1.3+deb11u12
HIGH 8.1 curl before 7.86.0 has a double free.
from 0, < 7.86.0-1
HIGH 8.1 A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--r…
from 0, < 7.83.1-1
HIGH 8.1 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connect…
from 0, < 7.74.0-1.3+deb11u2
HIGH 8.1 curl - security update
from 0, < 7.26.0-1+wheezy18
HIGH 8.1 curl - security update
from 0, < 7.52.1-1
HIGH 8.1 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified oth…
from 0, < 7.50.1-1
HIGH 7.8 curl - security update
from 0, < 7.52.1-5+deb9u11
HIGH 7.8 curl - security update
from 0, < 7.72.0-1
HIGH 7.8 curl - security update
from 0, < 7.64.0-4
HIGH 7.8 curl - security update
from 0, < 7.38.0-4+deb8u15
HIGH 7.5 Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy…
from 0
HIGH 7.5 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.
from 0
HIGH 7.5 When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
from 0
HIGH 7.5 curl - security update
from 0, < 7.74.0-1.3+deb11u16
HIGH 7.5 curl - security update
from 0, < 8.14.1-2+deb13u1
HIGH 7.5 Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in…
from 0, < 8.14.1-1
HIGH 7.5 libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string.
from 0, < 8.9.0-1
HIGH 7.5 When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API.
from 0, < 7.88.1-10+deb12u3
HIGH 7.5 A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA…
from 0, < 7.88.1-10
HIGH 7.5 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
from 0
HIGH 7.5 In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
from 0
HIGH 7.5 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse…
from 0, < 7.74.0-1.3+deb11u2
HIGH 7.5 libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Du…
from 0, < 7.74.0-1.3+deb11u2
HIGH 7.5 The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *differen…
from 0, < 7.83.1-1
HIGH 7.5 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connec…
from 0, < 7.74.0-1.3+deb11u2
HIGH 7.5 curl - security update
from 0, < 7.74.0-1.3+deb11u2
HIGH 7.5 curl - security update
from 0, < 7.52.1-5+deb9u16
HIGH 7.5 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP respo…
from 0, < 7.74.0-1
HIGH 7.5 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
from 0, < 7.74.0-1
HIGH 7.5 curl - security update
from 0, < 7.52.1-5+deb9u12
HIGH 7.5 curl - security update
from 0, < 7.72.0-1
HIGH 7.5 curl - security update
from 0, < 7.64.0-4+deb10u2
HIGH 7.5 curl - security update
from 0, < 7.72.0-1
HIGH 7.5 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
from 0, < 7.64.0-1
HIGH 7.5 curl - security update
from 0, < 7.38.0-4+deb8u14
HIGH 7.5 curl - security update
from 0, < 7.52.1-5+deb9u9
HIGH 7.5 curl - security update
from 0, < 7.64.0-1
HIGH 7.5 curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
from 0, < 7.10.7-1
HIGH 7.5 curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and…
from 0, < 7.51.0-1
HIGH 7.5 A flaw was found in curl before version 7.51.0.
from 0, < 7.51.0-1
HIGH 7.5 curl - security update
from 0, < 7.26.0-1+wheezy17
HIGH 7.5 curl - security update
from 0, < 7.51.0-1
HIGH 7.5 curl - security update
from 0, < 7.38.0-4+deb8u5
HIGH 7.5 The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit sho…
from 0, < 7.51.0-1
HIGH 7.5 curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, an…
from 0, < 7.51.0-1
HIGH 7.5 In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had change…
from 0, < 7.52.1-5
HIGH 7.5 A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of…
from 0, < 7.60.0-1
HIGH 7.5 curl - security update
from 0, < 7.26.0-1+wheezy21