Note: This project will be discontinued after December 13, 2021.
Product: Curl (Haxx)
Repositories:
• https://github.com/curl/curl
• https://github.com/bagder/curl
#Vulnerabilities: 108
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2013-11-23 | CVE-2013-4545 | cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | Curl, Libcurl | N/A | ||
2013-07-31 | CVE-2013-2174 | Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. | Ubuntu_linux, Curl, Libcurl, Opensuse, Enterprise_linux | N/A | ||
2013-04-29 | CVE-2013-1944 | The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | Ubuntu_linux, Curl, Libcurl | N/A | ||
2013-03-08 | CVE-2013-0249 | Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. | Ubuntu_linux, Curl, Libcurl | N/A | ||
2018-08-23 | CVE-2003-1605 | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | Curl | 7.5 |