Curl Security Vulnerabilities and Issues — Curl CVE List

Lucene search

CurlCurl

6 matches found

CVE•added 2023/03/30 8:15 p.m.•270 views

CVE-2023-27534

A path traversal vulnerability exists in curl

8.8CVSS8.8AI score0.001EPSS

CVE•added 2022/05/26 5:15 p.m.•248 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols:...

8.1CVSS8AI score0.00253EPSS

CVE•added 2021/06/11 4:15 p.m.•220 views

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. Wh...

8.1CVSS8.2AI score0.00369EPSS

CVE•added 2023/03/30 8:15 p.m.•212 views

CVE-2023-27533

A vulnerability in input validation exists in curl

8.8CVSS8.8AI score0.001EPSS

CVE•added 2022/06/02 2:15 p.m.•192 views

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error.

8.1CVSS7.8AI score0.00539EPSS

CVE•added 2018/04/23 7:29 p.m.•92 views

CVE-2016-9594

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.

8.1CVSS7.5AI score0.00953EPSS