Curl Security Vulnerabilities and Issues — Curl CVE List

Lucene search

CurlCurl

6 matches found

CVE•added 2020/12/14 8:15 p.m.•492 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5CVSS7.6AI score0.00161EPSS

CVE•added 2020/12/14 8:15 p.m.•410 views

CVE-2020-8177

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

7.8CVSS7.2AI score0.00028EPSS

CVE•added 2020/12/14 8:15 p.m.•370 views

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

7.5CVSS7.5AI score0.00111EPSS

CVE•added 2020/12/14 8:15 p.m.•349 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...

4.3CVSS6AI score0.00104EPSS

CVE•added 2020/12/14 8:15 p.m.•333 views

CVE-2020-8169

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

7.5CVSS7AI score0.00058EPSS

CVE•added 2020/12/14 8:15 p.m.•297 views

CVE-2020-8285

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5CVSS7.7AI score0.0046EPSS