19 matches found

Rosalinux
added 2026/02/16 7:7 a.m. | 5 views

Advisory ROSA-SA-2026-3133

Software: curl 7.61.1; OS: ROSA Virtualization 2.1; unaffected versions = curl-7.61.1-34.0.2.rv3.9; affected versions curl-7.61.1-34.0.2.rv3.9; CVE-ID: CVE-2025-9086; BDU-ID: 2025-12599; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00275 | Exploits 1

Rosalinux
added 2024/05/02 9:4 a.m. | 42 views

Advisory ROSA-SA-2024-2411

Software: curl 7.61.1; OS: ROSA Virtualization 2.1; packageevrstring: curl-7.61.1-22.rv3.src.rpm; CVE-ID: CVE-2021-22897; BDU-ID: 2022-00375; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the Transport Layer Security TLS protocol implementation of the libcurl library is due to security flaws in the...

CVSS 9.8 | AI score 7.6 | EPSS 0.01853 | Exploits 6

Tenable Nessus
added 2021/06/23 12:0 a.m. | 31 views

Amazon Linux 2 : curl (ALAS-2021-1653)

The version of curl installed on the remote host is prior to 7.61.1-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1653 advisory. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Refere...

CVSS 5.3 | AI score 7.4 | EPSS 0.00137 | Exploits 2 | References 5

Oracle linux
added 2020/05/05 12:0 a.m. | 40 views

curl security update

7.61.1-12
- double free due to subsequent call of realloc (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet (CVE-2019-5482)
- fix TFTP receive buffer overflow (CVE-2019-5436)...

CVSS 9.8 | AI score 1.3 | EPSS 0.15484 | Exploits 1

RedHat Linux
added 2019/08/06 12:47 p.m. | 1 views

curl: Heap-based buffer over-read in the curl tool warning formatting

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf function that may result in information exposure and denial of service...

CVSS 9.1 | AI score 7.5 | EPSS 0.00162 | Exploits 0 | References 5

RedHat Linux
added 2019/07/29 3:47 p.m. | 2 views

curl: NTLM password overflow via integer overflow

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...

CVSS 10 | AI score 7.8 | EPSS 0.00493 | Exploits 0 | References 5

RedHat Linux
added 2019/06/18 7:8 p.m. | 4 views

curl: Use-after-free when closing "easy" handle in Curl_close()

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 9.8 | AI score 7.3 | EPSS 0.0029 | Exploits 0 | References 5

CNVD
added 2018/11/02 12:0 a.m. | 1 views

Haxx curl buffer overflow vulnerability (CNVD-2019-35853)

Haxx curl is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. The tool supports file uploads and downloads and includes a libcurl client-side URL transfer library for program development. A buffer overflow vulnerability exists in the...

CVSS 9.8 | AI score 7.8 | EPSS 0.00346 | Exploits 0 | References 1

NVD
added 2018/10/31 7:29 p.m. | 17 views

CVE-2018-16842

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf function that may result in information exposure and denial of service...

CVSS 9.1 | AI score 6.7 | EPSS 0.00162 | Exploits 0 | References 11

OSV
added 2018/10/31 7:29 p.m. | 22 views

CVE-2018-16842

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf function that may result in information exposure and denial of service...

CVSS 9.1 | AI score 9.3 | EPSS 0.00162 | Exploits 0 | References 11

Prion
added 2018/10/31 6:29 p.m. | 26 views

Heap overflow

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 7.5 | AI score 9.2 | EPSS 0.0029 | Exploits 0 | References 6 | Affected Software 2

OSV
added 2018/10/31 6:29 p.m. | 1 views

ALPINE-CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 9.8 | AI score 7 | EPSS 0.0029 | Exploits 0 | References 1

Vulnrichment
added 2018/10/31 6:0 p.m. | 0 views

CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

CVSS 4.3 | AI score 6.1 | EPSS 0.00346 | Exploits 0 | References 9

CVE
added 2018/10/31 6:0 p.m. | 211 views

CVE-2018-16840

CVE-2018-16840 is a heap use-after-free in curl/libcurl outside of initial document, affecting curl 7.59.0–7.61.1 where Curl_close() frees a struct and may still write to it. ALAS advisories confirm this issue and recommend updating curl to the patched package (e.g., curl 7.61.1-9.amzn2.0.1 and r...

CVSS 9.8 | AI score 9.3 | EPSS 0.0029 | Exploits 0 | References 6 | Affected Software 1

Debian CVE
added 2018/10/31 6:0 p.m. | 54 views

CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 9.8 | AI score 7.2 | EPSS 0.0029 | Exploits 0

RedhatCVE
added 2018/10/31 7:22 a.m. | 24 views

CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 9.8 | AI score 0.8 | EPSS 0.0029 | Exploits 0 | References 2

RedhatCVE
added 2018/10/31 7:20 a.m. | 23 views

CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

CVSS 9.8 | AI score 4 | EPSS 0.00346 | Exploits 0 | References 2

OSV
added 2018/10/31 12:0 a.m. | 0 views

UBUNTU-CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

CVSS 9.8 | AI score 7 | EPSS 0.00346 | Exploits 0 | References 4

Prion
added 2018/09/05 7:29 p.m. | 28 views

Integer overflow

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...

CVSS 10 | AI score 9.7 | EPSS 0.00493 | Exploits 0 | References 11 | Affected Software 4