Libcurl@7.40.0 Security Vulnerabilities and Issues — Libcurl@7.40.0 CVE List

Lucene search

HaxxLibcurl7.40.0

8 matches found

CVE•added 2017/10/06 1:29 p.m.•184 views

CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double ...

7.5CVSS7.6AI score0.01688EPSS

CVE•added 2017/10/05 1:29 a.m.•179 views

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

6.5CVSS6.8AI score0.00455EPSS

CVE•added 2015/04/24 2:59 p.m.•129 views

CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

5CVSS7.3AI score0.02575EPSS

CVE•added 2015/04/24 2:59 p.m.•124 views

CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

5CVSS9.1AI score0.01442EPSS

CVE•added 2015/04/24 2:59 p.m.•103 views

CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote cha...

7.5CVSS9.4AI score0.65095EPSS

CVE•added 2015/06/22 7:59 p.m.•97 views

CVE-2015-3237

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

6.4CVSS8.1AI score0.02783EPSS

CVE•added 2015/04/24 2:59 p.m.•96 views

CVE-2015-3144

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "htt...

9CVSS9.3AI score0.02429EPSS

CVE•added 2015/06/22 7:59 p.m.•67 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS9.1AI score0.04499EPSS