Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Curl
(Haxx)| Repositories |
• https://github.com/curl/curl
• https://github.com/bagder/curl |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-01 | CVE-2016-8616 | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. | Curl | 5.9 | ||
| 2018-08-01 | CVE-2016-8619 | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | Curl | 9.8 | ||
| 2018-08-01 | CVE-2016-8620 | The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | Curl | 9.8 | ||
| 2018-08-01 | CVE-2016-8623 | A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. | Curl | 7.5 | ||
| 2018-08-01 | CVE-2016-8625 | curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | Curl | 7.5 | ||
| 2018-10-31 | CVE-2018-16839 | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | Ubuntu_linux, Debian_linux, Curl | 9.8 | ||
| 2019-05-28 | CVE-2019-5435 | An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | Curl | 3.7 | ||
| 2019-09-16 | CVE-2019-5481 | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | Debian_linux, Fedora, Curl, Cloud_backup, Solidfire_baseboard_management_controller_firmware, Steelstore, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Mysql_server, Oss_support_tools | 9.8 | ||
| 2019-09-16 | CVE-2019-5482 | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | Debian_linux, Fedora, Curl, Cloud_backup, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Http_server, Hyperion_essbase, Mysql_server, Oss_support_tools | 9.8 | ||
| 2018-03-12 | CVE-2017-2628 | curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. | Curl | 9.8 |