8 matches found
Advisory ROSA-SA-2026-3133
Software: curl 7.61.1; OS: ROSA Virtualization 2.1; unaffected versions = curl-7.61.1-34.0.2.rv3.9; affected versions curl-7.61.1-34.0.2.rv3.9; CVE-ID: CVE-2025-9086; BDU-ID: 2025-12599; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffer...
Amazon Linux 2 : curl (ALAS-2021-1653)
The version of curl installed on the remote host is prior to 7.61.1-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1653 advisory. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Refere...
curl security update
7.61.1-12 - double free due to subsequent call of realloc (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet (CVE-2019-5482) - fix TFTP receive buffer overflow (CVE-2019-5436)...
curl: NTLM password overflow via integer overflow
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
Haxx curl buffer overflow vulnerability (CNVD-2019-35853)
Haxx curl is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. The tool supports file uploads and downloads and includes a libcurl client-side URL transfer library for program development. A buffer overflow vulnerability exists in the...
Heap overflow
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...
CVE-2018-16840
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...
Integer overflow
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...