61 matches found
CVE-2023-38545
CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....
CVE-2023-38546
CVE-2023-38546 affects libcurl/curl (curl_easy_duphandle path). Root cause: when duplicating an easy handle with cookies enabled, the cookie state is cloned without cookies; if source hadn’t loaded cookies from disk, the clone may load cookies from a file named none in the program’s CWD, enabling...
CVE-2024-7264
CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...
CVE-2020-8286
The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...
CVE-2018-14618
CVE-2018-14618 affects curl/libcurl NTLM authentication. The vulnerability arises from an integer overflow in Curl_ntlm_core_mk_nt_hash (32-bit size_t) that overflows when password length > 2 GB, causing heap buffer overflow due to under-allocated temporary storage. Affects curl prior to 7.61....
CVE-2019-5436
CVE-2019-5436 affects curl/libcurl with a heap buffer overflow in the TFTP receiving code (tftp_receive_packet). Exploitation can lead to DoS or arbitrary code execution. Upstream fix released in curl 7.65.0; advisories from CentOS, Arch Linux, Debian, and others document the vulnerability and re...
CVE-2021-22924
CVE-2021-22924 — libcurl connection reuse flaw : The issue arises when libcurl reuses connections from its pool without correctly accounting for the issuer certificate and with path comparisons that are case-insensitive. This can cause a transfer to use the wrong, previously opened connection. Pu...
CVE-2019-3822
CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...
CVE-2021-22876
The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...
CVE-2020-8231
CVE-2020-8231 affects libcurl/curl: a dangling pointer could cause the library to use the wrong connection when CURLOPT_CONNECT_ONLY is set, potentially leading to information leaks. Public references in the provided connected docs show affected curl/libcurl versions ranging from 7.29.0 through 7...
CVE-2020-8285
CVE-2020-8285 is a curl/libcurl vulnerability in the FTP wildcard match parsing. The issue triggers uncontrolled recursion leading to a stack overflow when the internal callback returns CURL_CHUNK_BGN_FUNC_SKIP repeatedly, potentially causing a crash. Affected software includes curl/libcurl from ...
CVE-2017-1000257
CVE-2017-1000257: A heap-based buffer overrun in libcurl’s IMAP FETCH handling (zero-length data) can cause reading past the end of a heap buffer, potentially disclosing information or crashing the application. Upstream fix and downstream advisories implement version bumps to 7.56.1-1 or later; a...
CVE-2025-0725
CVE-2025-0725 affects libcurl when performing automatic gzip decompression with CURLOPT_ACCEPT_ENCODING using zlib 1.2.0.3 or older. A attacker-controlled integer overflow can cause a buffer overflow during decompression. Connected advisories (ALAS/Amazon/Linux and Debian/CVE trackers) confirm th...
CVE-2021-22890
CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...
CVE-2021-22945
Summary: CVE-2021-22945 affects libcurl/curl when sending data to an MQTT server, where in some cases a pointer to freed memory could be reused and freed again. This is a memory-use-after-free/double-free issue in libcurl. What is affected: libcurl/curl (MQTT data transmission scenarios) with vul...
CVE-2018-16890
CVE-2018-16890 affects libcurl versions 7.36.0 to before 7.64.0. The NTLM type-2 handling path (lib/vauth/ntlm.c:ntlm_decode_type2_target) fails to validate incoming data, enabling an integer overflow that an attacker could abuse to trigger a heap read out-of-bounds. Related issues in the same se...
CVE-2019-3823
CVE-2019-3823 affects curl/libcurl from version 7.34.0 through before 7.64.0. The issue is a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is 5, a...
CVE-2023-27535
CVE-2023-27535 affects libcurl
CVE-2017-8817
The CVE-2017-8817 issue is a read-out-of-bounds in libcurl’s FTP wildcard function that occurs when a path ends with an opening bracket [, affecting curl/libcurl versions earlier than 7.57.0. This can lead to a crash and potential information leakage. Amazon Linux 2 and other advisories (ALAS-201...
CVE-2023-27536
CVE-2023-27536 affects libcurl
CVE-2017-8816
CVE-2017-8816 affects curl/libcurl NTLM authentication on 32-bit platforms, enabling a denial-of-service via integer overflow and buffer overflow when handling long user/password fields. Public advisories tie this to the NTLM path and note exposure through 32-bit builds prior to curl 7.57.0. Amaz...
CVE-2016-7167
CVE-2016-7167: In libcurl, four escaping/unescaping functions (curl_escape, curl_easy_escape, curl_unescape, curl_easy_unescape) allow a string length of 0xffffffff, causing integer overflows and a heap-based buffer overflow. The vulnerability affects libcurl builds predating upstream fix. Upstre...
CVE-2016-5419
CVE-2016-5419 affects curl/libcurl up to 7.50.1, where TLS session resumption is allowed even if the client certificate changed. This enables a remote attacker to bypass client-certificate checks by resuming a previously established session, potentially hijacking authentication. CVE-2016-5420 and...
CVE-2016-5420
CVE-2016-5420 affects curl/libcurl prior to 7.50.1, where the client certificate is not checked when reusing a TLS connection, enabling an attacker to hijack the authentication of an existing connection by leveraging a previously loaded client certificate. The related advisories confirm that this...
CVE-2017-1000254
CVE-2017-1000254 affects curl/libcurl: FTP PWD response parsing could read beyond a heap buffer due to a parser flaw when the directory name is not properly quoted. The issue causes out-of-bounds reads and potential crashes. Patches exist in curl updates (notably fixed by 7.56.0 with improved nul...
CVE-2023-27538
CVE-2023-27538 affects libcurl/curl (curl/libcurl) and related packages. The issue is an authentication bypass in libcurl prior to v8.0.0 where a previously established SSH connection could be reused despite an SSH option change, due to two SSH settings being omitted from the configuration match,...
CVE-2014-3613
CVE-2014-3613 involves curl/libcurl before 7.38.0 failing to properly validate IP addresses in cookie domain names, enabling a remote attacker to set cookies for, or send cookies to, unintended sites (as demonstrated by 192.168.0.1 cookies affecting 127.168.0.1). The issue is documented across mu...
CVE-2016-5421
CVE-2016-5421 is a use-after-free in libcurl up to version 7.50.0 that can affect which connection is used or cause unspecified impact via unknown vectors. Public notes in ALAS-2016-730 (curl) indicate the issue affects curl/libcurl before 7.50.1 and that patches upgrade to 7.50.1 or newer; remed...
CVE-2017-1000100
CVE-2017-1000100 is a curl/libcurl vulnerability with concrete details across connected docs: an information-disclosure and potential DoS via TFTP long-file-name handling, and a flawed FTP PWD parsing path. Arch Linux advisories ASA-201710-3/4/5/6 specify vulnerable lib32-curl, lib32-libcurl-gnut...
CVE-2018-1000005
CVE-2018-1000005 affects libcurl 7.49.0 through 7.57.0, due to an out-of-bounds read when handling HTTP/2 trailers. Reading a trailer could corrupt future trailers, leading to a crash or potential information disclosure; the issue arises from mis-updated math after changing the header creation to...
CVE-2016-8622
CVE-2016-8622 affects curl/libcurl’s URL percent-encoding decode path. The curl_easy_unescape function may allocate a destination buffer larger than 2 GB but store the result length in a signed 32‑bit int, causing length truncation or negative values. This can lead to writing outside the heap. Pu...
CVE-2016-7141
CVE-2016-7141 affects curl/libcurl up to version 7.50.1 (before 7.50.2) when built with NSS and the libnsspem.so runtime library is available. The root issue is TLS client certificate reuse: a previously loaded client certificate from file could be reused for a new TLS connection that has no cert...
CVE-2024-6197
CVE-2024-6197 affects libcurl’s ASN.1 parser (utf8asn1str) where freeing a 4-byte local stack buffer on error can corrupt nearby stack memory depending on the malloc implementation; outcome most often is a crash, with remote exploitation not detailed in the provided documents. Connected sources c...
CVE-2024-6874
CVE-2024-6874 affects libcurl’s URL API function curl_url_get() when built with the macidn IDN backend. If the input name is exactly 256 bytes, the function may read past a stack-based buffer, and when the conversion fills the provided buffer, it does not null-terminate the string, potentially ca...
CVE-2014-3707
CVE-2014-3707 affects libcurl/curl prior to a non-vulnerable build when using CURLOPT_COPYPOSTFIELDS, where curl_easy_duphandle incorrectly copies HTTP POST data, causing an out-of-bounds read. Affected products/versions cited in the documents include libcurl/curl 7.17.1 through 7.38.0, enabling ...
CVE-2014-0015
The CVE-2014-0015 issue affects curl/libcurl 7.10.6–7.34.0, where NTLM connections are reused when multiple authentication methods are enabled, potentially allowing a context-dependent attacker to authenticate as another user via a request. The F5 advisory family (e.g., K15862) mirrors this vulne...
CVE-2015-3143
The connected documents provide concrete details for CVE-2015-3143: in curl and libcurl, versions 7.10.6 through 7.41.0 failed to properly re-use NTLM connections, enabling a remote attacker to connect as another user via an unauthenticated request (NTLM/Negotiate authentication interaction). Thi...
CVE-2014-8150
CVE-2014-8150 is a CRLF injection flaw in libcurl 6.0–7.x prior to 7.40.0. When using an HTTP proxy, an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting via CRLF sequences in the URL. The vulnerability is demonstrated in the public description: it affects libcurl and...
CVE-2015-3148
CVE-2015-3148 affects curl and libcurl (versions 7.10.6 through 7.41.0). The issue is improper reuse of authenticated Negotiate connections, which could allow a remote attacker to perform requests as another user by manipulating a connection during a request. The connected sources corroborate the...
CVE-2014-0138
Technical details about CVE-2014-0138 are not provided in the supplied documents. The connected sources discuss related CVEs and curl issues, but do not specify affected products, versions, root cause, impact, or fixes for this CVE.
CVE-2014-0139
CVE-2014-0139 affects curl/libcurl up to version 7.36.0 when using TLS with OpenSSL, axtls, qsossl or gskit. The vulnerability arises from how the hostname validation handles wildcard characters in the certificate’s Common Name (CN); a crafted certificate could allow MITM spoofing of SSL servers....
CVE-2014-3620
The provided connected sources confirm CVE-2014-3620: cURL/libcURL could allow a remote attacker to bypass security restrictions by setting cookies for Top Level Domains (TLDs). Affected are curl/libcurl prior to the fix; the issue enables a cookie to be set for a TLD (for example ".me."), and th...
CVE-2013-2174
CVE-2013-2174 : A heap-based buffer overflow in curl_easy_unescape() (lib/escape.c) in curl/libcurl, affecting 7.7–7.30.0, can cause remote crashes or arbitrary code execution via a crafted string ending in “%”. Connected IBM PSIRTs/IMM advisories corroborate the issue and map affected IMM firmwa...
CVE-2015-3153
Technical details for CVE-2015-3153 are not provided in the connected documents. Monitor for updates; the available material only includes the initial summary of impact without vendor/product specifics.
CVE-2023-27537
CVE-2023-27537 is a double‑free vulnerability in libcurl
CVE-2015-3145
CVE-2015-3145 affects curl/libcurl 7.31.0 through 7.41.0. The sanitize_cookie_path function can miscompute an index, enabling a remote attacker to cause a denial of service via an out-of-bounds write when the cookie path consists only of a double-quote character. Connected sources corroborate the...
CVE-2015-3237
The CVE-2015-3237 issue affects curl/libcurl 7.40.0–7.42.1. In the smb_request_state() handler, two length and offset values parsed from network data are used without proper boundary checks, enabling a remote SMB server to read memory contents or trigger a crash. Impacts include information discl...
CVE-2013-1944
CVE-2013-1944 is the tailMatch cookie handling flaw in curl/curl/libcurl where the tailMatch function in cookie.c does not correctly match path domains, allowing cookie leakage via suffix matches in URLs. Affected are curl and libcurl versions before 7.30.0. Multiple connected advisories (e.g., M...
CVE-2017-1000099
CVE-2017-1000099 is an information-disclosure flaw in curl/libcurl prior to 7.55.0. When retrieving a file from a file:// URL, libcurl could output metadata with HTTP-like headers by sending the wrong, uninitialized heap buffer to stdout/provide callback, potentially displaying private heap data....
CVE-2015-3144
CVE-2015-3144 affects curl and libcurl; the fix_hostname function can miscalculate an index, enabling out-of-bounds read/write via a zero-length host name (examples: http://:80 and :80.), leading to denial of service (crash) and potentially other impacts. Public documents consistently describe th...