19 matches found
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is...
CVE-2023-38546
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function ca...
CVE-2022-43552
A use after free vulnerability exists in curl
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed ...
CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl
CVE-2023-28322
An information disclosure vulnerability exists in curl
CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
CVE-2023-27534
A path traversal vulnerability exists in curl
CVE-2023-28321
An improper certificate validation vulnerability exists in curl
CVE-2023-28319
A use after free vulnerability exists in curl
CVE-2023-27536
An authentication bypass vulnerability exists in libcurl
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl
CVE-2023-27533
A vulnerability in input validation exists in curl
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...
CVE-2023-28320
A denial of service vulnerability exists in curl
CVE-2023-27537
A double free vulnerability exists in libcurl