61 matches found
CVE-2022-32221
CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...
CVE-2022-43552
The CVE-2022-43552 vulnerability affects curl
CVE-2022-43551
CVE-2022-43551 is a vulnerability in curl’s HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...
CVE-2021-3520
CVE-2021-3520 affects the lz4 library and is caused by an integer overflow that can lead to memmove being called with a negative size, resulting in out-of-bounds writes or a crash. Documented impacts emphasize availability (with possible confidentiality/integrity impact). Concrete remediation det...
CVE-2022-42916
CVE-2022-42916 affects curl’s HSTS check: when hostnames contain IDN characters that map to ASCII (e.g., IDEOGRAPHIC FULL STOP U+3002), curl can bypass HSTS and end up using HTTP instead of HTTPS. This could lead to cleartext transmission if an HTTP URL is provided. The issue is tied to curl vers...
CVE-2022-36227
CVE-2022-36227 affects libarchive (before 3.6.2). The bug is a NULL pointer dereference caused by not checking the result of calloc, which can return NULL and lead to dereference. Some sources acknowledge that this could in rare circumstances permit arbitrary code execution if NULL is treated as ...
CVE-2022-35252
CVE-2022-35252 affects curl’s handling of cookies containing control codes; when such cookies are echoed back to a server, the server may return 400 responses, effectively enabling a “sister site” to deny service to other siblings. Public advisories confirm this is fixed in curl updates across se...
CVE-2023-23916
CVE-2023-23916 involves curl before 7.88.0 where an attacker could abuse the chained HTTP compression chain to create a degenerate decompression path. Although the cap on the number of links is per header, a malicious server can inject many headers to form an effectively unlimited decompression c...
CVE-2023-23914
CVE-2023-23914 affects curl before 7.88.0, related to cleartext transmission and HSTS handling. The issue occurs when multiple URLs are requested serially on the same command line, where the HSTS state may not be carried forward, causing curl to unexpectedly use insecure HTTP despite HTTPS in the...
CVE-2020-8286
The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...
CVE-2022-35737
CVE-2022-35737 affects SQLite, with vulnerable versions 1.0.12–3.39.x, before 3.39.2. The issue is an array-bounds overflow triggered by very large string arguments to a C API, which can cause a crash and, in some advisories, potentially allow arbitrary code execution. The documented fix is to up...
CVE-2021-22947
CVE-2021-22947 affects curl when connecting to IMAP/POP3 servers using STARTTLS: multiple responses are cached before TLS, and after upgrading to TLS curl may trust pre‑TLS data, enabling a MITM injection of data. Affected releases range from curl 7.20.0 up to 7.78.0; exploitation details are not...
CVE-2020-8177
CVE-2020-8177 affects curl up to 7.70.0, where -J/--remote-header-name combined with -i/--include could allow a malicious server to overwrite a local file due to improper restriction of file names. Connected advisories confirm this vulnerability across distributions (Debian, CentOS, Alpine, Amazo...
CVE-2023-23915
CVE-2023-23915 affects multiple packages (e.g., rust 1.59.0-1, mysql 8.0.32-1, cmake 3.21.4-3, tensorflow <2.16.1-1, rust <1.72.0-2, cmake <3.28.2-1, mysql =2.16.1-1, cmake >=3.28.2-1, mysql >=8.0.33-1) to resolve the issue. The initial curl CVE description documents a separate HST...
CVE-2021-22924
CVE-2021-22924 — libcurl connection reuse flaw: The issue arises when libcurl reuses connections from its pool without correctly accounting for the issuer certificate and with path comparisons that are case-insensitive. This can cause a transfer to use the wrong, previously opened connection. Pu...
CVE-2021-22925
CVE-2021-22925 affects curl/libcurl’s TELNET OPTION handling (-t / CURLOPT_TELNETOPTIONS). A flaw in the option parser for NEW_ENV variables can cause uninitialized data from a stack buffer to be sent to the server, due to incorrect sscanf usage when parsing the provided string. This could reveal...
CVE-2021-22876
The connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...
CVE-2021-22946
CVE-2021-22946 affects curl before 7.82.0 (and within 7.20.0–7.78.0 per description) where the --ssl-reqd option or CURLUSESSL controls could be bypassed if a server crafts a legitimate response, allowing curl to continue without TLS. Connected sources confirm this flaw exists across multiple eco...
CVE-2020-8231
CVE-2020-8231 affects libcurl/curl: a dangling pointer could cause the library to use the wrong connection when CURLOPT_CONNECT_ONLY is set, potentially leading to information leaks. Public references in the provided connected docs show affected curl/libcurl versions ranging from 7.29.0 through 7...
CVE-2021-30560
CVE-2021-30560 is a use-after-free vulnerability in the Blink XSLT component of the Chromium/Google Chrome rendering engine prior to version 91.0.4472.164. The documented impact is potential heap corruption/execution of arbitrary code via a crafted HTML page. Connected advisories consistently ref...
CVE-2021-22898
CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...
CVE-2022-27776
CVE-2022-27776 is a curl vulnerability where credentials could be leaked during HTTP redirects to the same host on a different port. Root cause: insufficiently protected credentials in redirect handling. Impact: potential exposure of authentication or cookie headers. Affected: curl/libcurl across...
CVE-2020-8285
CVE-2020-8285 is a curl/libcurl vulnerability in the FTP wildcard match parsing. The issue triggers uncontrolled recursion leading to a stack overflow when the internal callback returns CURL_CHUNK_BGN_FUNC_SKIP repeatedly, potentially causing a crash. Affected software includes curl/libcurl from ...
CVE-2020-8169
CVE-2020-8169 affects curl/libcurl 7.62.0–7.70.0. Root cause: libcurl could be tricked into prepending part of a password to the host name before DNS resolution, potentially leaking a partial password over the network and to DNS servers. Impact: information disclosure of partial credentials. Affe...
CVE-2020-8284
CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...
CVE-2022-27782
CVE-2022-27782 affects curl/libcurl: it can reuse a previously created connection when TLS/SSH-related options were changed, due to incomplete configuration-matching checks. Connected advisories confirm this issue across multiple platforms (AIX, Amazon Linux, CloudLinux/CentOS, Cloud Foundry) and...
CVE-2021-22890
CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...
CVE-2022-27780
CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...
CVE-2021-22922
CVE-2021-22922 affects curl’s Metalink download flow: when multiple URLs are provided, a content hash mismatch on a breached server is not discarded during download, allowing potentially malicious data to be kept on disk. Public advisories and vendor bulletins confirm patches in patched curl rele...
CVE-2021-22945
Summary: CVE-2021-22945 affects libcurl/curl when sending data to an MQTT server, where in some cases a pointer to freed memory could be reused and freed again. This is a memory-use-after-free/double-free issue in libcurl. What is affected: libcurl/curl (MQTT data transmission scenarios) with vul...
CVE-2021-22923
CVE-2021-22923 affects curl's metalink feature: when downloading a metalink XML with user credentials, those credentials are subsequently passed to each server curl contacts, potentially leaking credentials to multiple endpoints. Technical details across sources confirm this credential exposure ...
CVE-2022-42915
CVE-2022-42915 affects curl. A double-free can occur in curl 7.77.0 and later when using an HTTP proxy for non-HTTP(S) URLs, if the proxy returns a non-200 status and the URL uses schemes such as dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The error/cleanup path may trigger the me...
CVE-2020-14155
CVE-2020-14155 concerns the PCRE library: libpcre in PCRE versions prior to 8.44 allows an integer overflow when parsing a large number after a (?C substring. The issue is the result of an input validation/overflow bug in PCRE’s handling of certain regular expressions, potentially enabling memory...
CVE-2023-27534
CVE-2023-27534 affects curl’s SFTP path handling in versions before 8.0.0, where tilde (~) processing can be misapplied when prefixing the first path element (e.g., /~2/foo). This can allow bypassing filters or potentially enable arbitrary code access on a targeted server; the issue is tied to th...
CVE-2022-27781
CVE-2022-27781 affects libcurl builds using NSS; due to an erroneous function, a malicious server could cause libcurl to enter a never-ending busy-loop when retrieving certificate information, impacting availability. Affected advisories suggest upgrading curl/libcurl to a patched version (e.g., n...
CVE-2022-32206
CVE-2022-32206 affects curl
CVE-2022-27774
CVE-2022-27774 affects curl. The vulnerability is described as an insufficiently protected credentials issue where credentials could be leaked during HTTP(S) redirects when authentication is involved, potentially leaking to other hosts across different protocols or ports. Connected advisories sho...
CVE-2022-32208
CVE-2022-32208 affects curl when performing FTP transfers secured by krb5 prior to version 7.84.0. The vulnerability arises from how message verification failures are handled during krb5-secured FTP transfers, enabling a man-in-the-middle to go unnoticed and potentially inject data to the client....
CVE-2022-32207
CVE-2022-32207 affects curl: when saving cookies, alt-svc and HSTS data, the final rename can widen target file permissions, exposing updates to more users. Affected versions are curl before 7.84.0; remediation is to upgrade to 7.84.0 or newer (as indicated by multiple advisories).
CVE-2022-35260
CVE-2022-35260 affects curl. When curl parses a .netrc file for credentials, if the file ends with a line of 4095 consecutive non-whitespace characters and no newline, curl could read past the end of a stack-based buffer and, if the read succeeds, write a zero byte beyond its boundary, causing a ...
CVE-2022-22576
CVE-2022-22576 is an improper authentication vulnerability in curl 7.33.0 through 7.82.0 that may allow reuse of OAuth2-authenticated connections without confirming the credentials used for the transfer, affecting SASL-enabled protocols (SMTP(S), IMAP(S), POP3(S), LDAP(S) via OpenLDAP). The root...
CVE-2021-22926
CVE-2021-22926 affects curl/libcurl where using CURLOPT_SSLCERT can be spoofed when libcurl uses macOS Secure Transport. An attacker with write access to the current working directory can cause the app to select a file-based cert over a named cert, resulting in the wrong client certificate being sent in TLS hands...
CVE-2019-20838
CVE-2019-20838 is a PCRE/PCRE2 vulnerability where libpcre had a subject buffer over-read during JIT compilation in non-UTF mode when the pattern uses \X or \R with more than one fixed quantifier. Affected versions include PCRE up to 8.43; remediation is to upgrade to a patched PCRE (e.g., 8.43+;...
CVE-2019-20454
CVE-2019-20454 is a PCRE2 out-of-bounds read vulnerability triggered when the pattern \X is JIT-compiled and matched in non-UTF mode. The flaw occurs in do_extuni_no_utf inside pcre2_jit_compile.c and can cause an application crash when parsing untrusted input. Affected history and related adviso...
CVE-2022-27775
Curl contains an information‑disclosure flaw (CVE-2022-27775) in versions 7.65.0–7.82.0 where an IPv6 address from the pool could be reused with a different zone id, enabling potential leakage through connection reuse. Affected platforms in connected advisories indicate curl/libcurl fixes have be...
CVE-2023-27535
CVE-2023-27535 affects libcurl
CVE-2021-31566
CVE-2021-31566 affects the libarchive library and is documented across multiple advisories. The flaw is an improper link resolution during archive extraction that can change file modes, times, ACLs and flags of files outside the archive, potentially enabling a local privilege escalation. Connecte...
CVE-2023-27536
CVE-2023-27536 affects libcurl
CVE-2023-27533
CVE-2023-27533 affects curl = 8.0.1 as seen in ALAS2-2023-2070 and other advisories). No exploitation status is provided in the sources; assess risk based on environment and patch availability.
CVE-2021-22901
CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...