VYPR

Libcurl

by Curl

Source repositories

CVEs (87)

  • CVE-2022-32221Dec 5, 2022
    risk 0.00cvss epss 0.04

    When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This…

  • CVE-2022-27779Jun 1, 2022
    risk 0.00cvss epss 0.02

    libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL…

  • CVE-2021-22945Sep 23, 2021
    risk 0.00cvss epss 0.06

    When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

  • CVE-2021-22876Apr 1, 2021
    risk 0.00cvss epss 0.05

    curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP…

  • CVE-2020-8231Dec 14, 2020
    risk 0.00cvss epss 0.04

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

  • CVE-2019-5435May 28, 2019
    risk 0.00cvss epss 0.05

    An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

  • CVE-2018-16890Feb 6, 2019
    risk 0.00cvss epss 0.05

    libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow…

  • CVE-2014-8151Jan 15, 2015
    risk 0.00cvss epss 0.01

    The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows…

  • CVE-2014-3620Nov 18, 2014
    risk 0.00cvss epss 0.05

    cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

  • CVE-2014-3707Nov 15, 2014
    risk 0.00cvss epss 0.05

    The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory…

  • CVE-2014-2522Apr 18, 2014
    risk 0.00cvss epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that…

  • CVE-2014-0139Apr 15, 2014
    risk 0.00cvss epss 0.05

    cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via…

  • CVE-2014-0138Apr 15, 2014
    risk 0.00cvss epss 0.05

    The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a…

  • CVE-2014-1263Feb 27, 2014
    risk 0.00cvss epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2014-0015Feb 2, 2014
    risk 0.00cvss epss 0.06

    cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

  • CVE-2013-6422Dec 23, 2013
    risk 0.00cvss epss 0.03

    The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct…

  • CVE-2013-4545Nov 23, 2013
    risk 0.00cvss epss 0.03

    cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof…

  • CVE-2013-2174Jul 31, 2013
    risk 0.00cvss epss 0.11

    Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent)…

  • CVE-2013-1944Apr 29, 2013
    risk 0.00cvss epss 0.05

    The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

  • CVE-2012-0036Apr 13, 2012
    risk 0.00cvss epss 0.17

    curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or…

Page 4 of 5