Lucene search

19 matches found

added 2023/10/18 4:15 a.m., 1055 views

CVE-2023-38545

This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is...

CVSS 9.8, AI score 9.4, EPSS 0.22222

added 2023/10/18 4:15 a.m., 837 views

CVE-2023-38546

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function ca...

CVSS 3.7, AI score 7.4, EPSS 0.00211

added 2023/02/09 8:15 p.m., 812 views

CVE-2022-43552

A use after free vulnerability exists in curl

CVSS 5.9, AI score 6.2, EPSS 0.00102

added 2023/02/23 8:15 p.m., 523 views

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl

CVSS 6.5, AI score 6.7, EPSS 0.00051

added 2023/02/23 8:15 p.m., 522 views

CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl

CVSS 9.1, AI score 8.8, EPSS 0.00175

added 2023/12/07 1:15 a.m., 514 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed ...

CVSS 6.5, AI score 6.2, EPSS 0.00432

added 2023/09/15 4:15 a.m., 456 views

CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and...

CVSS 7.5, AI score 7.5, EPSS 0.17815

added 2023/02/23 8:15 p.m., 451 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl

CVSS 6.5, AI score 6.2, EPSS 0.00052

added 2023/12/12 2:15 a.m., 344 views

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

CVSS 5.3, AI score 6, EPSS 0.00193

added 2023/05/26 9:15 p.m., 321 views

CVE-2023-28322

An information disclosure vulnerability exists in curl

CVSS 3.7, AI score 5.3, EPSS 0.00502

added 2023/03/30 8:15 p.m., 279 views

CVE-2023-27534

A path traversal vulnerability exists in curl

CVSS 8.8, AI score 8.8, EPSS 0.00176

added 2023/05/26 9:15 p.m., 277 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl

CVSS 5.9, AI score 6.2, EPSS 0.00297

added 2023/05/26 9:15 p.m., 250 views

CVE-2023-28319

A use after free vulnerability exists in curl

CVSS 7.5, AI score 7.3, EPSS 0.0032

added 2023/03/30 8:15 p.m., 242 views

CVE-2023-27536

An authentication bypass vulnerability exists in libcurl

CVSS 5.9, AI score 7, EPSS 0.0001

added 2023/03/30 8:15 p.m., 229 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl

CVSS 5.9, AI score 7.3, EPSS 0.00045

added 2023/03/30 8:15 p.m., 224 views

CVE-2023-27533

A vulnerability in input validation exists in curl

CVSS 8.8, AI score 8.8, EPSS 0.00098

added 2023/03/30 8:15 p.m., 190 views

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...

CVSS 7.7, AI score 7.1, EPSS 0.0001

added 2023/05/26 9:15 p.m., 157 views

CVE-2023-28320

A denial of service vulnerability exists in curl

CVSS 5.9, AI score 6.3, EPSS 0.00641

added 2023/03/30 8:15 p.m., 108 views

CVE-2023-27537

A double free vulnerability exists in libcurl

CVSS 5.9, AI score 5.7, EPSS 0.00105