1149 matches found
Curl 8.15.0 < 8.21.0 SASL Double-Free
The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...
Curl 8.11.1 < 8.21.0 Netrc Password Leak
The version of curl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username, curl could wrongly get and use the...
Curl 8.16.0 < 8.21.0 WebSocket Auto-PONG Memory Exhaustion
The version of curl installed on the remote host is 8.16.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - Because curl lacks an upper bound on memory allocation for unacknowledged WebSocket frames, a malicious server can exhaust all available memory by floodin...
Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification
The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...
CURL-CVE-2026-9545 exposing HTTP/3 early data
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...
CURL-CVE-2026-8926 password leak with netrc and user in URL
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...
CURL-CVE-2026-11564 Native CA trust persist
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...
Linux Distros Unpatched Vulnerability : CVE-2026-9547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION...
Linux Distros Unpatched Vulnerability : CVE-2026-9545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second...
Linux Distros Unpatched Vulnerability : CVE-2026-9080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability,...
Linux Distros Unpatched Vulnerability : CVE-2026-8932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - libcurl would reuse a previously created connection even when some mTLS config related option had been changed that...
Astra Linux – Vulnerability in curl
There is a vulnerability in curl version 7.87.0 where it is possible to exploit the memory reclamation mechanism. In this vulnerability, curl can be instructed to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When curl...
Astra Linux – Vulnerability in curl
There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...
Astra Linux – Vulnerability in curl
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when sent back to an HTTP server later, may cause the server to return 400 responses. This effectively allows a “sister site” to deny service to all other sibling sites...
Astra Linux – Vulnerability in curl
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname, but the...
Astra Linux – Vulnerability in curl
When performing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread will inadvertently change them globally, and thus may also affect other concurrently running transfers. Disabling certificate verification for a specific transfer can unintentionally...
Astra Linux – Vulnerability in curl
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3, or SMTP scheme, curl may incorrectly pass the bearer token to the new target host...
Astra Linux – Vulnerability in curl
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ‘issuercert’ into account, and it compared the involved paths case insensitively, which could...
Astra Linux – Vulnerability in curl
There is a vulnerability in curl v7.88.0 where resource allocation without limits or throttling exists. This vulnerability stems from the “chained” HTTP compression algorithms. This means that a server’s response can be compressed multiple times, possibly using different algorithms. The number of...
Astra Linux – Vulnerability in curl
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...