Curl

curl

Vendor: Haxx • 142 CVEs

CVEs (142)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-2629 1Haxx 1Curl Nov 21, 2024 Jul 27, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up al...Show more curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).Show less
CVE-2018-0500 2Canonical Haxx 2Curl Ubuntu Linux Nov 21, 2024 Jul 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain...Show more Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).Show less
CVE-2018-1000301 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Apr 15, 2026 May 24, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer...Show more curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.Show less
CVE-2018-1000300 2Canonical Haxx 2Curl Ubuntu Linux Nov 21, 2024 May 24, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when clos...Show more curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.Show less
CVE-2016-9594 1Haxx 1Curl Nov 21, 2024 Apr 23, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that u...Show more curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.Show less
CVE-2016-9586 1Haxx 1Curl Nov 21, 2024 Apr 23, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from...Show more curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.Show less
CVE-2018-1000122 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
CVE-2018-1000121 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-1000120 5Canonical DebianHaxx+2 more 9Communications Webrtc Session Controller CurlDebian Linux+6 more Nov 21, 2024 Mar 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2016-9953 1Haxx 1Curl Nov 21, 2024 Mar 12, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial o...Show more The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.Show less
CVE-2016-9952 1Haxx 1Curl Nov 21, 2024 Mar 12, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks...Show more The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."Show less
CVE-2017-2628 1Haxx 1Curl Nov 21, 2024 Mar 12, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by U...Show more curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.Show less
CVE-2018-1000007 5Canonical DebianFujitsu+2 more 14Curl Debian LinuxEnterprise Linux Desktop+11 more Nov 21, 2024 Jan 24, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL...Show more libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.Show less
CVE-2017-8818 1Haxx 2Curl Libcurl May 13, 2026 Nov 29, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocate...Show more curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.Show less
CVE-2017-8817 2Debian Haxx 3Curl Debian LinuxLibcurl May 13, 2026 Nov 29, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends...Show more The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.Show less
CVE-2017-8816 2Debian Haxx 3Curl Debian LinuxLibcurl May 13, 2026 Nov 29, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have...Show more The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.Show less
CVE-2017-1000101 1Haxx 1Curl May 13, 2026 Oct 5, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was...Show more curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.Show less
CVE-2017-9502 1Haxx 1Curl May 13, 2026 Jun 14, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had...Show more In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://").Show less
CVE-2017-7407 1Haxx 1Curl May 13, 2026 Apr 3, 2017 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen dur...Show more The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.Show less
CVE-2016-4802 1Haxx 1Curl May 6, 2026 Jun 24, 2016 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan hors...Show more Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.Show less

Previous 1...4 567 8 Next