179 matches found
CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399 WebSocket endless loop
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
PT-2025-23063
Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue arises from an omission in libcurl's support for pinning the server certificate public key for HTTPS transfers when using QUIC for HTTP/3 with the wolfSSL TLS backend. Although the...
Alibaba Cloud Linux 3 : 0056: curl (ALINUX3-SA-2023:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-27535: An authentication bypass...
[R1] Tenable Identity Exposure Version 3.77.9 Fixes Multiple Vulnerabilities
[R1] Tenable Identity Exposure Version 3.77.9 Fixes Multiple Vulnerabilities. Arnie Cabral, Thu, 02/20/2025 - 12:00. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, curl) were found to contain...
ALSA-2025:1671 Important: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fixes: openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date pars...
Buffer Overflow
libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow due to the use of zlib when performing automatic gzip decompression with the CURLOPT_ACCEPT_ENCODING option, leading to a potential buffer overflow...
Duplicate Operations On Resource
libcurl is vulnerable to Duplicate Operations on Resource. The vulnerability is due to improper handling of eventfd file descriptors due to closing the same descriptor twice after completing a threaded name resolution, which may lead to unexpected behavior or resource leaks...
Azure Linux 3.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27538)
The version of cmake / curl / mysql / rust / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27538 advisory. - An authentication bypass vulnerability exists in libcurl prior to v8.0.0...
CVE-2025-0725
A flaw was found in libcurl. This vulnerability allows an attacker to trigger a buffer overflow via an integer overflow in zlib 1.2.0.3 or older when libcurl performs automatic gzip decompression. Mitigation: Mitigation for this issue is either not available or the currently available options do n...
Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary: A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...
CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
CVE-2025-0665
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve...
curl: CVE-2025-0725: gzip integer overflow
The libcurl library contained a vulnerability in the gzip content encoding function that allowed a malicious HTTP server to craft an arbitrary heap chunk in the memory of the victim and trigger a free of that forged chunk. This was possible due to an integer overflow in the handling of gzip...
PT-2025-5689 · Libcurl +2
Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue arises when libcurl wrongly closes the same eventfd file descriptor twice after completing a threaded name resolve and taking down a connection channel. This problem occurs due to...
Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.
Summary: IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details: CVEID: CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the GTime2str function. By sending a specially...