VYPR

Libcurl

by Curl

Source repositories

CVEs (87)

  • CVE-2023-38545CriOct 18, 2023
    risk 0.66cvss 9.8epss 0.78

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255…

  • CVE-2017-8817CriNov 29, 2017
    risk 0.65cvss 9.8epss 0.11

    The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

  • CVE-2016-7167CriOct 7, 2016
    risk 0.65cvss 9.8epss 0.12

    Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

  • CVE-2016-9953CriMar 12, 2018
    risk 0.64cvss 9.8epss 0.02

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other…

  • CVE-2018-1000007CriJan 24, 2018
    risk 0.64cvss 9.8epss 0.08

    libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP…

  • CVE-2017-8818CriNov 29, 2017
    risk 0.64cvss 9.8epss 0.04

    curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

  • CVE-2017-8816CriNov 29, 2017
    risk 0.64cvss 9.8epss 0.09

    The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user…

  • CVE-2017-1000257CriOct 31, 2017
    risk 0.60cvss 9.1epss 0.06

    An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data…

  • CVE-2005-0490HigMay 2, 2005
    risk 0.58cvss 8.8epss 0.06

    Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the…

  • CVE-2016-9952HigMar 12, 2018
    risk 0.53cvss 8.1epss 0.01

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as…

  • CVE-2016-5421HigAug 10, 2016
    risk 0.53cvss 8.1epss 0.08

    Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

  • CVE-2019-5436HigMay 28, 2019
    risk 0.52cvss 7.8epss 0.50

    A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

  • CVE-2016-4802HigJun 24, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in…

  • CVE-2016-5420HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

  • CVE-2016-5419HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

  • CVE-2017-1000254HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.08

    libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing…

  • CVE-2016-7141HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.08

    curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no…

  • CVE-2016-0755HigJan 29, 2016
    risk 0.48cvss 7.3epss 0.09

    The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

  • CVE-2017-1000100MedOct 5, 2017
    risk 0.43cvss 6.5epss 0.04

    When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too…

  • CVE-2022-27781HigJun 2, 2022
    risk 0.42cvss 7.5epss 0.02

    libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to…

Page 1 of 5