2 matches found
curl: curl/libcurl vulnerable to TLS truncation attacks
Summary: curl/libcurl doesn't enforce "Closure Alerts" 12 for protocols that have no knowledge of the size of the transmitted data. This enables truncation attacks where the attacker in a meddler-in-the-middle position closes the connection prematurely. This results in partial file being download...
HTTP proxy double free
If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of protocol through. An HTTP proxy might refuse this request HTTP proxies often only allow outgoing...