VYPR

Libcurl

by Curl

Source repositories

CVEs (87)

  • CVE-2015-3143Apr 24, 2015
    risk 0.01cvss epss 0.16

    cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

  • CVE-2014-8150Jan 15, 2015
    risk 0.01cvss epss 0.07

    CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

  • CVE-2014-3613Nov 18, 2014
    risk 0.01cvss epss 0.07

    cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

  • CVE-2026-1965Mar 11, 2026
    risk 0.00cvss epss 0.00

    libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a…

  • CVE-2025-15079Jan 8, 2026
    risk 0.00cvss epss 0.00

    When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

  • CVE-2025-14819Jan 8, 2026
    risk 0.00cvss epss 0.01

    When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations.…

  • CVE-2025-13034Jan 8, 2026
    risk 0.00cvss epss 0.00

    When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without…

  • CVE-2025-5399Jun 7, 2025
    risk 0.00cvss epss 0.01

    Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This…

  • CVE-2025-5025May 28, 2025
    risk 0.00cvss epss 0.00

    libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that…

  • CVE-2025-4947May 28, 2025
    risk 0.00cvss epss 0.00

    libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

  • CVE-2025-0665Feb 5, 2025
    risk 0.00cvss epss 0.01

    libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

  • CVE-2024-7264Jul 31, 2024
    risk 0.00cvss epss 0.16

    libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer…

  • CVE-2024-6874Jul 24, 2024
    risk 0.00cvss epss 0.01

    libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN…

  • CVE-2024-2466Mar 27, 2024
    risk 0.00cvss epss 0.01

    libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely…

  • CVE-2024-2379Mar 27, 2024
    risk 0.00cvss epss 0.02

    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

  • CVE-2024-2398Mar 27, 2024
    risk 0.00cvss epss 0.36

    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated…

  • CVE-2023-27538Mar 30, 2023
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse…

  • CVE-2023-27537Mar 30, 2023
    risk 0.00cvss epss 0.02

    A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing…

  • CVE-2023-27535Mar 30, 2023
    risk 0.00cvss epss 0.02

    An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current…

  • CVE-2023-27536Mar 30, 2023
    risk 0.00cvss epss 0.02

    An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability…