| CVE | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-5399 | AVG-2895 | Low | Yes | Denial of service | Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless... |
| CVE-2025-5025 | AVG-2887 | Medium | Yes | Certificate verification bypass | libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC... |
| CVE-2025-4947 | AVG-2887 | Medium | Yes | Certificate verification bypass | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it... |
| CVE-2023-38546 | AVG-2845 | Low | Yes | Content spoofing | A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific... |
| CVE-2023-38545 | AVG-2845 | High | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0. |
| CVE-2022-32208 | AVG-2817 | Unknown | Unknown | Unknown | Unknown |
| CVE-2022-32207 | AVG-2817 | Unknown | Unknown | Unknown | Unknown |
| CVE-2022-32206 | AVG-2817 | Unknown | Unknown | Unknown | Unknown |
| CVE-2022-32205 | AVG-2771 | Medium | Yes | Denial of service | A malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl and curl stores all of them. A sufficiently large amount of... |
| CVE-2022-30115 | AVG-2706 | Medium | No | Information disclosure | A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport Security (HSTS) support, it can instruct curl to use HTTPS... |
| CVE-2022-27782 | AVG-2706 | Medium | Unknown | Unknown | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps... |
| CVE-2022-27781 | AVG-2706 | Low | Unknown | Unknown | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an... |
| CVE-2022-27780 | AVG-2706 | Medium | Unknown | Unknown | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the... |
| CVE-2022-27779 | AVG-2706 | Medium | Unknown | Unknown | libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites... |
| CVE-2022-27778 | AVG-2706 | Medium | Unknown | Unknown | If curl adds a number to not "clobber" the output and an error occurs during transfer, the remove-on-error logic would remove the *original* file name... |
| CVE-2022-27776 | AVG-2685 | Low | No | Insufficient validation | curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
| CVE-2022-27775 | AVG-2685 | Low | No | Information disclosure | Flaws in libcurl's connection pool could lead to exposure of sensitive information to an unauthorized actor. |
| CVE-2022-27774 | AVG-2685 | Medium | No | Information disclosure | curl leaks credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak... |
| CVE-2022-22576 | AVG-2685 | Medium | Yes | Authentication bypass | libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for... |
| CVE-2021-22947 | AVG-2384 | Medium | Yes | Man-in-the-middle | A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7.79.0. When curl connects to an IMAP, POP3, SMTP or FTP server to... |
| CVE-2021-22946 | AVG-2384 | Medium | Yes | Silent downgrade | A security issue was found in curl before 7.79.0. A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server... |
| CVE-2021-22945 | AVG-2384 | High | Yes | Arbitrary code execution | A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in... |
| CVE-2021-22925 | AVG-2194 | Medium | Yes | Information disclosure | A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This... |
| CVE-2021-22924 | AVG-2194 | Medium | Yes | Insufficient validation | A security issue has been found in curl before version 7.78.0. libcurl keeps previously used connections in a connection pool for subsequent transfers to... |
| CVE-2021-22923 | AVG-2194 | Medium | Yes | Information disclosure | A security issue has been found in curl before version 7.78.0. When curl is instructed to get content using the metalink feature, and a user name and... |
| CVE-2021-22922 | AVG-2194 | Medium | Yes | Insufficient validation | A security issue has been found in curl before version 7.78.0. When curl is instructed to download content using the metalink feature, the contents are... |
| CVE-2021-22901 | AVG-1995 | High | Yes | Arbitrary code execution | libcurl before version 7.77.0 can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an... |
| CVE-2021-22898 | AVG-1995 | Medium | Yes | Information disclosure | A security issue has been found in curl before version 7.77.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This... |
| CVE-2021-22897 | AVG-2016 | Low | Yes | Incorrect calculation | A security issue has been found in curl before version 7.77.0. libcurl lets applications specify which specific TLS ciphers to use in transfers, using the... |
| CVE-2021-22890 | AVG-1753 | High | Yes | Authentication bypass | Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a... |
| CVE-2021-22876 | AVG-1753 | Medium | Yes | Information disclosure | libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and... |
| CVE-2020-8286 | AVG-1337 | Medium | Yes | Certificate verification bypass | A security issue was found in curl versions 7.41.0 up to and including 7.73.0. libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When... |
| CVE-2020-8285 | AVG-1337 | Medium | Yes | Denial of service | A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback... |
| CVE-2020-8284 | AVG-1337 | Low | Yes | Information disclosure | A security issue was found in curl versions 4.0 up to and including 7.73.0. When curl performs a passive FTP transfer, it first tries the EPSV command and... |
| CVE-2020-8177 | AVG-1194 | High | Yes | Arbitrary file overwrite | An issue has been found in curl from 7.20.0 up to and including 7.70.0, which can be tricked by a malicious server to overwrite a local file when using -J... |
| CVE-2020-8169 | AVG-1194 | Medium | Yes | Information disclosure | An issue has been found in libcurl from 7.62.0 up to and including 7.70.0, which can be tricked to prepend a part of the password to the host name before it... |
| CVE-2019-5482 | AVG-1982 | Medium | Yes | Arbitrary code execution | libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It can call recvfrom() with the... |
| CVE-2019-5481 | AVG-1982 | Low | Yes | Denial of service | libcurl can be told to use Kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such Kerberos FTP data transfer, the server sends... |
| CVE-2019-5436 | AVG-964 | High | Yes | Arbitrary code execution | libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom()... |
| CVE-2019-3823 | AVG-873 | High | Yes | Arbitrary code execution | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer... |
| CVE-2019-3822 | AVG-873 | High | Yes | Arbitrary code execution | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header... |
| CVE-2018-1000301 | AVG-694 | Medium | Yes | Denial of service | curl >= 7.20.0 and < 7.60.0 can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content. When servers send RTSP... |
| CVE-2018-1000300 | AVG-694 | Critical | Yes | Arbitrary code execution | curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing... |
| CVE-2018-1000122 | AVG-653 | Medium | Yes | Information disclosure | A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information... |
| CVE-2018-1000121 | AVG-653 | Medium | Yes | Denial of service | A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < 7.59.0, allowing an attacker to cause a denial of service. libcurl-using... |
| CVE-2018-1000120 | AVG-653 | Medium | Yes | Denial of service | It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP... |
| CVE-2018-1000007 | AVG-593 | Medium | Yes | Information disclosure | libcurl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first... |
| CVE-2018-1000005 | AVG-593 | Medium | Yes | Denial of service | libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the... |
| CVE-2018-16890 | AVG-873 | Medium | Yes | Arbitrary code execution | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages... |
| CVE-2018-16842 | AVG-795 | Medium | Yes | Information disclosure | curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information... |
| CVE-2018-16840 | AVG-795 | High | Yes | Arbitrary code execution | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up... |
| CVE-2018-0500 | AVG-729 | High | Yes | Arbitrary code execution | It has been discovered that curl before 7.61.0 might overflow a heap based memory buffer when sending data over SMTP and using a reduced read buffer. When... |
| CVE-2017-1000257 | AVG-467 | Medium | Yes | Information disclosure | A heap buffer overrun flaw was found in the IMAP handler of libcurl >= 7.20.0 and < 7.56.1. An IMAP FETCH response line indicates the size of the returned... |
| CVE-2017-1000254 | AVG-422 | Low | Yes | Denial of service | When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The... |
| CVE-2017-1000101 | AVG-370 | Low | No | Information disclosure | A heap-based read buffer overflow has been found in curl < 7.55.0. In the globbing function that parses the numerical range, there was an omission that made... |
| CVE-2017-1000100 | AVG-370 | Medium | Yes | Information disclosure | An information disclosure issue has been found in curl < 7.55.0. When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file... |
| CVE-2017-1000099 | AVG-370 | Low | No | Information disclosure | An information disclosure issue has been found in curl < 7.55.0. When asking to get a file from a file:// URL, libcurl provides a feature that outputs... |
| CVE-2017-8818 | AVG-527 | High | Yes | Arbitrary code execution | An out-of-bounds flaw has been found in the SSL related code of libcurl >= 7.56.0 and < 7.57.0. When allocating memory for a connection (the internal struct... |
| CVE-2017-8817 | AVG-524 | Medium | Yes | Information disclosure | A read out of bounds flaw has been found in the FTP wildcard function of libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching feature, which is... |
| CVE-2017-8816 | AVG-527 | High | Yes | Arbitrary code execution | A buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0, in the NTLM authentication code. The internal function... |
| CVE-2017-7468 | AVG-241 | Medium | Yes | Certificate verification bypass | libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a... |
| CVE-2017-2629 | AVG-179 | Low | Yes | Insufficient validation | A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true. curl and... |
| CVE-2016-9594 | AVG-112 | Medium | Yes | Incorrect calculation | libcurl's (new) internal function that returns a good 32-bit random value was implemented poorly and overwrote the pointer instead of writing the value into... |
| CVE-2016-9586 | AVG-112 | Medium | Yes | Arbitrary code execution | libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion... |
| CVE-2016-8625 | AVG-60 | Medium | Yes | Insufficient validation | When curl is built with libidn to handle International Domain Names (IDNA), it translates them to punycode for DNS resolving using the IDNA 2003 standard,... |
| CVE-2016-8624 | AVG-60 | Medium | Yes | Insufficient validation | curl doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into... |
| CVE-2016-8623 | AVG-60 | High | Yes | Arbitrary code execution | libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads. When cookies to be sent... |
| CVE-2016-8622 | AVG-60 | High | Yes | Arbitrary code execution | The URL percent-encoding decode function in libcurl is called curl_easy_unescape. Internally, even if this function would be made to allocate an unescape... |
| CVE-2016-8621 | AVG-60 | Medium | Yes | Information disclosure | The curl_getdate function converts a given date string into a numerical timestamp and it supports a range of different formats and possibilities to express a date and... |
| CVE-2016-8620 | AVG-60 | High | No | Arbitrary code execution | The curl tool's "globbing" feature allows a user to specify a numerical range through which curl will iterate. It is typically specified as [1-5],... |
| CVE-2016-8619 | AVG-60 | High | Yes | Arbitrary code execution | In curl's implementation of the Kerberos authentication mechanism, the function read_data() in security.c is used to fill the necessary krb5 structures.... |
| CVE-2016-8617 | AVG-60 | High | Yes | Arbitrary code execution | In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc( insize * 4 / 3 + 4 ) On systems with... |
| CVE-2016-8616 | AVG-60 | Low | Yes | Authentication bypass | When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an... |
| CVE-2016-8615 | AVG-60 | Medium | Yes | Content spoofing | If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies... |
| CVE-2016-7167 | AVG-20 | Low | Yes | Denial of service | The four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape() and curl_easy_unescape() perform string URL percent escaping and unescaping. They... |