CVE-2023-38546 |
AVG-2846 |
Low |
Yes |
Content spoofing |
A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific... |
CVE-2023-38545 |
AVG-2846 |
High |
Yes |
Arbitrary code execution |
A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0. |
CVE-2021-22947 |
AVG-2387 |
Medium |
Yes |
Man-in-the-middle |
A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7.79.0. When curl connects to an IMAP, POP3, SMTP or FTP server to... |
CVE-2021-22946 |
AVG-2387 |
Medium |
Yes |
Silent downgrade |
A security issue was found in curl before 7.79.0. A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server... |
CVE-2021-22945 |
AVG-2387 |
High |
Yes |
Arbitrary code execution |
A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in... |
CVE-2021-22925 |
AVG-2197 |
Medium |
Yes |
Information disclosure |
A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This... |
CVE-2021-22924 |
AVG-2197 |
Medium |
Yes |
Insufficient validation |
A security issue has been found in curl before version 7.78.0. libcurl keeps previously used connections in a connection pool for subsequent transfers to... |
CVE-2021-22901 |
AVG-1998 |
High |
Yes |
Arbitrary code execution |
libcurl before version 7.77.0 can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an... |
CVE-2021-22898 |
AVG-1998 |
Medium |
Yes |
Information disclosure |
A security issue has been found in curl before version 7.77.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This... |
CVE-2021-22890 |
AVG-1756 |
High |
Yes |
Authentication bypass |
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a... |
CVE-2021-22876 |
AVG-1756 |
Medium |
Yes |
Information disclosure |
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and... |
CVE-2019-5436 |
AVG-962 |
High |
Yes |
Arbitrary code execution |
libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom()... |
CVE-2019-5435 |
AVG-962 |
High |
Yes |
Arbitrary code execution |
libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a... |
CVE-2019-3823 |
AVG-875 |
High |
Yes |
Arbitrary code execution |
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer... |
CVE-2019-3822 |
AVG-875 |
High |
Yes |
Arbitrary code execution |
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header... |
CVE-2018-1000301 |
AVG-696 |
Medium |
Yes |
Denial of service |
curl >= 7.20.0 and < 7.60.0 can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content. When servers send RTSP... |
CVE-2018-1000300 |
AVG-696 |
Critical |
Yes |
Arbitrary code execution |
curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing... |
CVE-2018-1000122 |
AVG-660 |
Medium |
Yes |
Information disclosure |
A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information... |
CVE-2018-1000121 |
AVG-660 |
Medium |
Yes |
Denial of service |
A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < curl 7.59.0, allowing an attacker to cause a denial of service. libcurl-using... |
CVE-2018-1000120 |
AVG-660 |
Medium |
Yes |
Denial of service |
It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP... |
CVE-2018-1000007 |
AVG-598 |
Medium |
Yes |
Information disclosure |
libcurl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first... |
CVE-2018-1000005 |
AVG-598 |
Medium |
Yes |
Denial of service |
libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the... |
CVE-2018-16890 |
AVG-875 |
Medium |
Yes |
Arbitrary code execution |
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages... |
CVE-2018-16840 |
AVG-797 |
High |
Yes |
Arbitrary code execution |
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up... |
CVE-2018-16839 |
AVG-797 |
High |
Yes |
Arbitrary code execution |
The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then... |
CVE-2018-0500 |
AVG-731 |
High |
Yes |
Arbitrary code execution |
It has been discovered that curl before 7.61.0 might overflow a heap based memory buffer when sending data over SMTP and using a reduced read buffer. When... |
CVE-2017-1000257 |
AVG-465 |
Medium |
Yes |
Information disclosure |
A heap buffer overrun flaw was found in the IMAP handler of libcurl >= 7.20.0 and < 7.56.1. An IMAP FETCH response line indicates the size of the returned... |
CVE-2017-1000254 |
AVG-388 |
Low |
Yes |
Denial of service |
When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The... |
CVE-2017-1000100 |
AVG-388 |
Medium |
Yes |
Information disclosure |
An information disclosure issue has been found in curl < 7.55.0. When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file... |
CVE-2017-1000099 |
AVG-388 |
Low |
No |
Information disclosure |
An information disclosure issue has been found in curl < 7.55.0. When asking to get a file from a file:// URL, libcurl provides a feature that outputs... |
CVE-2017-8818 |
AVG-522 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds flaw has been found in the SSL related code of libcurl >= 7.56.0 and < 7.57.0. When allocating memory for a connection (the internal struct... |
CVE-2017-8817 |
AVG-522 |
Medium |
Yes |
Information disclosure |
A read out of bounds flaw has been found in the FTP wildcard function of libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching feature, which is... |
CVE-2017-8816 |
AVG-522 |
High |
Yes |
Arbitrary code execution |
A buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0, in the NTLM authentication code. The internal function... |
CVE-2017-7468 |
AVG-183 |
Medium |
Yes |
Certificate verification bypass |
libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a... |
CVE-2017-2629 |
AVG-183 |
Low |
Yes |
Insufficient validation |
A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true. curl and... |
CVE-2016-9594 |
AVG-116 |
Medium |
Yes |
Incorrect calculation |
libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into... |
CVE-2016-9586 |
AVG-116 |
Medium |
Yes |
Arbitrary code execution |
libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion... |
CVE-2016-8625 |
AVG-63 |
Medium |
Yes |
Insufficient validation |
When curl is built with libidn to handle International Domain Names (IDNA), it translates them to puny code for DNS resolving using the IDNA 2003 standard,... |
CVE-2016-8624 |
AVG-63 |
Medium |
Yes |
Insufficient validation |
curl doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into... |
CVE-2016-8623 |
AVG-63 |
High |
Yes |
Arbitrary code execution |
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads. When cookies to be sent... |
CVE-2016-8621 |
AVG-63 |
Medium |
Yes |
Information disclosure |
The curl_getdate converts a given date string into a numerical timestamp and it supports a range of different formats and possibilites to express a date and... |
CVE-2016-8619 |
AVG-63 |
High |
Yes |
Arbitrary code execution |
In curl's implementation of the Kerberos authentication mechanism, the function read_data() in security.c is used to fill the necessary krb5 structures.... |
CVE-2016-8618 |
AVG-63 |
High |
Yes |
Arbitrary code execution |
The libcurl API function called curl_maprintf() can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit... |
CVE-2016-8617 |
AVG-63 |
High |
Yes |
Arbitrary code execution |
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc( insize * 4 / 3 + 4 ) On systems with... |
CVE-2016-8616 |
AVG-63 |
Low |
Yes |
Authentication bypass |
When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an... |
CVE-2016-8615 |
AVG-63 |
Medium |
Yes |
Content spoofing |
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies... |