Lucene search

K

36 matches found

CVE
CVE
added 2023/10/18 4:15 a.m.1053 views

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes. If the host name is...

9.8CVSS9.4AI score0.22222EPSS
CVE
CVE
added 2023/10/18 4:15 a.m.835 views

CVE-2023-38546

This flaw allows an attacker to insert cookies at will into a running programusing libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles"that are the individual handles for single transfers. libcurl provides a function ca...

3.7CVSS7.4AI score0.00211EPSS
CVE
CVE
added 2024/07/31 8:15 a.m.591 views

CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str() function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the time fraction , leading toa strlen() getting performed on a pointer to a heap buffer area that i...

6.5CVSS7.3AI score0.02574EPSS
CVE
CVE
added 2018/09/05 7:29 p.m.504 views

CVE-2018-14618

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequ...

10CVSS9.9AI score0.00617EPSS
CVE
CVE
added 2020/12/14 8:15 p.m.501 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5CVSS7.6AI score0.00219EPSS
CVE
CVE
added 2019/05/28 7:29 p.m.496 views

CVE-2019-5436

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

7.8CVSS8.3AI score0.29542EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.416 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that ...

9.8CVSS9.3AI score0.24561EPSS
CVE
CVE
added 2021/04/01 6:15 p.m.405 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header fiel...

5.3CVSS5.7AI score0.00053EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.391 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively ,which could lead t...

4.3CVSS5.7AI score0.0063EPSS
CVE
CVE
added 2020/12/14 8:15 p.m.377 views

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

7.5CVSS7.5AI score0.00111EPSS
CVE
CVE
added 2017/10/31 9:29 p.m.364 views

CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a m...

9.1CVSS9.1AI score0.01399EPSS
CVE
CVE
added 2021/04/01 6:15 p.m.331 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived fro...

4.3CVSS4.9AI score0.00143EPSS
CVE
CVE
added 2020/12/14 8:15 p.m.306 views

CVE-2020-8285

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5CVSS7.7AI score0.0046EPSS
CVE
CVE
added 2021/09/23 1:15 p.m.305 views

CVE-2021-22945

When sending data to an MQTT server, libcurl

9.1CVSS8.9AI score0.00354EPSS
CVE
CVE
added 2025/02/05 10:15 a.m.301 views

CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression ofcontent-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option,using zlib 1.2.0.3 or older , an attacker-controlled integer overflow wouldmake libcurl perform a buffer overflow.

7.3CVSS7.4AI score0.00377EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.258 views

CVE-2019-3823

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call ...

7.5CVSS8.5AI score0.01581EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.247 views

CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that ...

7.5CVSS8.6AI score0.00985EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.242 views

CVE-2023-27536

An authentication bypass vulnerability exists libcurl

5.9CVSS7AI score0.0001EPSS
CVE
CVE
added 2017/11/29 6:29 p.m.231 views

CVE-2017-8816

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

9.8CVSS10AI score0.00617EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.229 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl

5.9CVSS7.3AI score0.00039EPSS
CVE
CVE
added 2016/10/07 2:59 p.m.227 views

CVE-2016-7167

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

9.8CVSS8AI score0.02494EPSS
CVE
CVE
added 2017/11/29 6:29 p.m.218 views

CVE-2017-8817

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

9.8CVSS9.7AI score0.0119EPSS
CVE
CVE
added 2016/08/10 2:59 p.m.207 views

CVE-2016-5419

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

7.5CVSS7AI score0.02128EPSS
CVE
CVE
added 2023/03/30 8:15 p.m.190 views

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...

7.7CVSS7.1AI score0.0001EPSS
CVE
CVE
added 2016/08/10 2:59 p.m.188 views

CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

7.5CVSS7.1AI score0.011EPSS
CVE
CVE
added 2014/11/18 3:59 p.m.187 views

CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

5CVSS9.3AI score0.01343EPSS
CVE
CVE
added 2018/07/31 9:29 p.m.181 views

CVE-2016-8622

The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get ei...

9.8CVSS7.8AI score0.01605EPSS
CVE
CVE
added 2018/01/24 10:29 p.m.180 views

CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the c...

9.1CVSS8.9AI score0.00338EPSS
CVE
CVE
added 2016/10/03 9:59 p.m.173 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has bee...

7.5CVSS7.2AI score0.011EPSS
CVE
CVE
added 2016/08/10 2:59 p.m.157 views

CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

8.1CVSS7.4AI score0.01092EPSS
CVE
CVE
added 2024/07/24 8:15 a.m.149 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free() on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS6.4AI score0.01278EPSS
CVE
CVE
added 2015/05/01 3:59 p.m.115 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

5CVSS8.2AI score0.06181EPSS
CVE
CVE
added 2014/11/18 3:59 p.m.104 views

CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

5CVSS7.1AI score0.01666EPSS
CVE
CVE
added 2018/07/16 1:29 p.m.100 views

CVE-2017-7468

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which wa...

7.5CVSS6.8AI score0.02128EPSS
CVE
CVE
added 2011/07/07 9:55 p.m.84 views

CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

4.3CVSS6.8AI score0.0151EPSS
CVE
CVE
added 2013/04/29 10:55 p.m.76 views

CVE-2013-1944

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

5CVSS9.1AI score0.02482EPSS