rpm package
suse/curl&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9086 | Hig | 7.5 | < 8.14.1-150200.4.91.1 | 8.14.1-150200.4.91.1 | Sep 12, 2025 | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path | |
| CVE-2025-10148 | — | < 8.14.1-150200.4.91.1 | 8.14.1-150200.4.91.1 | Sep 12, 2025 | curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traf | ||
| CVE-2025-0725 | — | < 7.66.0-150200.4.84.1 | 7.66.0-150200.4.84.1 | Feb 5, 2025 | When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | ||
| CVE-2025-0167 | — | < 7.66.0-150200.4.84.1 | 7.66.0-150200.4.84.1 | Feb 5, 2025 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both l | ||
| CVE-2023-28322 | — | < 7.66.0-150200.4.57.1 | 7.66.0-150200.4.57.1 | May 26, 2023 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was | ||
| CVE-2023-28321 | — | < 7.66.0-150200.4.57.1 | 7.66.0-150200.4.57.1 | May 26, 2023 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provi | ||
| CVE-2023-28320 | — | < 7.66.0-150200.4.57.1 | 7.66.0-150200.4.57.1 | May 26, 2023 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` an |
- affected < 8.14.1-150200.4.91.1fixed 8.14.1-150200.4.91.1
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path
- CVE-2025-10148Sep 12, 2025affected < 8.14.1-150200.4.91.1fixed 8.14.1-150200.4.91.1
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traf
- CVE-2025-0725Feb 5, 2025affected < 7.66.0-150200.4.84.1fixed 7.66.0-150200.4.84.1
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
- CVE-2025-0167Feb 5, 2025affected < 7.66.0-150200.4.84.1fixed 7.66.0-150200.4.84.1
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both l
- CVE-2023-28322May 26, 2023affected < 7.66.0-150200.4.57.1fixed 7.66.0-150200.4.57.1
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was
- CVE-2023-28321May 26, 2023affected < 7.66.0-150200.4.57.1fixed 7.66.0-150200.4.57.1
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provi
- CVE-2023-28320May 26, 2023affected < 7.66.0-150200.4.57.1fixed 7.66.0-150200.4.57.1
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` an