14 matches found

OSV
added 2026/05/13 1:1 p.m., 2 views

ALPINE-CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine...

CVSS 5.3 | AI score 5.4 | EPSS 0.00013
Exploits: 1 | References: 1
curl security advisories
added 2026/04/29 8:0 a.m., 3 views

wrong reuse of HTTP Negotiate connection

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

CVSS 6.5 | AI score 5.2 | EPSS 0.00036
Exploits: 1 | References: 1 | Affected Software: 2
OSV
added 2026/03/23 3:30 p.m., 5 views

GHSA-R3HF-Q3MF-7H6W HybridAuth Has Improper SSL Certificate Validation in Curl HTTP Client

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

CVSS 6.3 | AI score 5.5 | EPSS 0.00026
Exploits: 0 | References: 6
curl security advisories
added 2025/11/05 8:0 a.m., 4 views

missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3 | AI score 5.1 | EPSS 0.00033
Exploits: 1 | References: 1 | Affected Software: 2
Hacker One
added 2025/09/11 3:2 p.m., 24 views

curl: TOCTOU Race Condition in HTTP/2 Connection Reuse Leads to Certificate Validation Bypass

I've discovered a Time-of-Check to Time-of-Use TOCTOU vulnerability in how libcurl handles persistent HTTP/2 connections. During the initial handshake, libcurl correctly validates the server's certificate against the user-provided CA bundle. However, it then assumes this trust is permanent for th...

AI score 7
Exploits: 0
Hacker One
added 2025/08/18 4:7 p.m., 20 views

curl: WebSocket Fragmentation DoS on Curl Client

Summary: A malicious WebSocket server can send a fragmented message (FIN=0) followed by a flood of continuation frames, causing the client curl to continuously allocate memory while waiting for message completion. This can result in high memory usage and potential crash (OOM), representing a...

AI score 7
Exploits: 0
BDU FSTEC
added 2024/09/23 12:0 a.m., 1 views

The vulnerability of the software for interacting with servers via CURL lies in the use of memory after it is freed, allowing an attacker to cause a service failure.

The vulnerability of the software for interacting with servers via CURL is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVSS 5.9 | AI score 6.7 | EPSS 0.00104
Exploits: 1 | References: 12 | Affected Software: 4
SUSE CVE
added 2023/02/15 5:25 a.m., 2 views

SUSE CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3 | AI score 7.5 | EPSS 0.01225
Exploits: 0 | References: 22
curl security advisories
added 2021/09/15 8:0 a.m., 2 views

STARTTLS protocol injection via MITM

When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple pipelined responses are cached by curl. curl would then...

CVSS 5.9 | AI score 6.7 | EPSS 0.00253
Exploits: 1 | References: 1 | Affected Software: 2
BDU FSTEC
added 2021/07/08 12:0 a.m., 1 views

The vulnerability of the software for interacting with servers via CURL is related to errors in the certificate validation process, which allows attackers to compromise data integrity.

The vulnerability of the software for interacting with servers via CURL is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to manipulate data integrity through OCSP responses...

CVSS 5.3 | AI score 6.7 | EPSS 0.00286
Exploits: 1 | References: 15 | Affected Software: 6
curl security advisories
added 2019/09/11 8:0 a.m., 3 views

FTP-KRB double free

libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32-bit size of each block first and then that amount of data immediately following. A malicious or broken serv...

CVSS 9.8 | AI score 6.2 | EPSS 0.03082
Exploits: 0 | References: 1 | Affected Software: 2
curl security advisories
added 2018/03/14 8:0 a.m., 3 views

LDAP NULL pointer dereference

curl might dereference a near-NULL address when getting an LDAP URL. The function ldap_get_attribute_ber is called to get attributes, but it turns out that it can return LDAP_SUCCESS and still return a NULL pointer in the result pointer when getting a particularly crafted response. This was a surpris...

CVSS 7.5 | AI score 6.9 | EPSS 0.02668
Exploits: 0 | Affected Software: 2
RedHat Linux
added 2016/11/03 8:6 a.m., 3 views

curl: Re-using connection with wrong client cert

It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS 7.5 | AI score 7.2 | EPSS 0.01071
Exploits: 0 | References: 5
OSV
added 2014/10/28 11:33 a.m., 20 views

MGASA-2014-0430 Updated php packages fix security vulnerabilities

An integer overflow flaw in PHP's unserialize function was reported. If unserialize were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669). A heap corruption issue was reported in PHP's exif_thumbnail function. A specially-crafted JPEG ima...

CVSS 7.5 | AI score 8.6 | EPSS 0.55955
Exploits: 2 | References: 8