| CVE-2018-16842 |
AVG-795 |
Medium |
Yes |
Information disclosure |
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information... |
| CVE-2018-16840 |
AVG-795 |
High |
Yes |
Arbitrary code execution |
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up... |
| CVE-2018-1000301 |
AVG-694 |
Medium |
Yes |
Denial of service |
curl >= 7.20.0 and < 7.60.0 can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content.
When servers send RTSP... |
| CVE-2018-1000300 |
AVG-694 |
Critical |
Yes |
Arbitrary code execution |
curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.
When doing... |
| CVE-2018-1000122 |
AVG-653 |
Medium |
Yes |
Information disclosure |
A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information... |
| CVE-2018-1000121 |
AVG-653 |
Medium |
Yes |
Denial of service |
A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < curl 7.59.0, allowing an attacker to cause a denial of service. libcurl-using... |
| CVE-2018-1000120 |
AVG-653 |
Medium |
Yes |
Denial of service |
It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP... |
| CVE-2018-1000007 |
AVG-593 |
Medium |
Yes |
Information disclosure |
libcurl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first... |
| CVE-2018-1000005 |
AVG-593 |
Medium |
Yes |
Denial of service |
libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the... |
| CVE-2018-0500 |
AVG-729 |
High |
Yes |
Arbitrary code execution |
It has been discovered that curl before 7.61.0 might overflow a heap based memory buffer when sending data over SMTP and using a reduced read... |
| CVE-2017-8818 |
AVG-527 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds flaw has been found in the SSL related code of libcurl >= 7.56.0 and < 7.57.0. When allocating memory for a connection (the internal struct... |
| CVE-2017-8817 |
AVG-524 |
Medium |
Yes |
Information disclosure |
A read out of bounds flaw has been found in the FTP wildcard function of libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching feature, which is... |
| CVE-2017-8816 |
AVG-527 |
High |
Yes |
Arbitrary code execution |
A buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0, in the NTLM authentication code. The internal function... |
| CVE-2017-7468 |
AVG-241 |
Medium |
Yes |
Certificate verification bypass |
libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a... |
| CVE-2017-2629 |
AVG-179 |
Low |
Yes |
Insufficient validation |
A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true.
curl and... |
| CVE-2017-1000257 |
AVG-467 |
Medium |
Yes |
Information disclosure |
A heap buffer overrun flaw was found in the IMAP handler of libcurl >= 7.20.0 and < 7.56.1. An IMAP FETCH response line indicates the size of the returned... |
| CVE-2017-1000254 |
AVG-422 |
Low |
Yes |
Denial of service |
When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The... |
| CVE-2017-1000101 |
AVG-370 |
Low |
No |
Information disclosure |
A heap-based read buffer overflow has been found in curl < 7.55.0. In the globbing function that parses the numerical range, there was an omission that made... |
| CVE-2017-1000100 |
AVG-370 |
Medium |
Yes |
Information disclosure |
An information disclosure issue has been found in curl < 7.55.0. When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file... |
| CVE-2017-1000099 |
AVG-370 |
Low |
No |
Information disclosure |
An information disclosure issue has been found in curl < 7.55.0. When asking to get a file from a file:// URL, libcurl provides a feature that outputs... |
| CVE-2016-9594 |
AVG-112 |
Medium |
Yes |
Incorrect calculation |
libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into... |
| CVE-2016-9586 |
AVG-112 |
Medium |
Yes |
Arbitrary code execution |
libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion... |
| CVE-2016-8625 |
AVG-60 |
Medium |
Yes |
Insufficient validation |
When curl is built with libidn to handle International Domain Names (IDNA), it translates them to puny code for DNS resolving using the IDNA 2003 standard,... |
| CVE-2016-8624 |
AVG-60 |
Medium |
Yes |
Insufficient validation |
curl doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into... |
| CVE-2016-8623 |
AVG-60 |
High |
Yes |
Arbitrary code execution |
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads.
When cookies to be sent... |
| CVE-2016-8622 |
AVG-60 |
High |
Yes |
Arbitrary code execution |
The URL percent-encoding decode function in libcurl is called curl_easy_unescape. Internally, even if this function would be made to allocate a unscape... |
| CVE-2016-8621 |
AVG-60 |
Medium |
Yes |
Information disclosure |
The curl_getdate converts a given date string into a numerical timestamp and it supports a range of different formats and possibilites to express a date and... |
| CVE-2016-8620 |
AVG-60 |
High |
No |
Arbitrary code execution |
The curl tool's "globbing" feature allows a user to specify a numerical range through which curl will iterate. It is typically specified as [1-5],... |
| CVE-2016-8619 |
AVG-60 |
High |
Yes |
Arbitrary code execution |
In curl's implementation of the Kerberos authentication mechanism, the function read_data() in security.c is used to fill the necessary krb5 structures.... |
| CVE-2016-8617 |
AVG-60 |
High |
Yes |
Arbitrary code execution |
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize:
malloc( insize * 4 / 3 + 4 )
On systems with... |
| CVE-2016-8616 |
AVG-60 |
Low |
Yes |
Authentication bypass |
When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an... |
| CVE-2016-8615 |
AVG-60 |
Medium |
Yes |
Content spoofing |
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies... |
| CVE-2016-7167 |
AVG-20 |
Low |
Yes |
Denial of service |
The four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They... |