VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 29, 2013· Updated Apr 29, 2026

CVE-2013-1944

CVE-2013-1944

Description

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Affected products

131
  • Haxx/Curl102 versions
    cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*+ 101 more
    • cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*range: <=7.29.0
    • cpe:2.3:a:haxx:curl:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:6.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
  • Haxx/Libcurl24 versions
    cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*+ 23 more
    • cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*range: <=7.29.0
    • cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
  • Canonical/Ubuntu Linux5 versions
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*

Patches

1
2eb8dcf26cb3
https://github.com/bagder/curlvia osv
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

23

News mentions

0

No linked articles in our index yet.