VYPR

Curl

by Curl

Source repositories

CVEs (157)

  • CVE-2016-8620MedAug 1, 2018
    risk 0.43cvss 6.5epss 0.04

    The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.

  • CVE-2017-1000101MedOct 5, 2017
    risk 0.43cvss 6.5epss 0.04

    curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of…

  • CVE-2026-6276HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first…

  • CVE-2026-5773HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to…

  • CVE-2025-9086HigSep 12, 2025
    risk 0.42cvss 7.5epss 0.01

    1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path…

  • CVE-2023-46218MedDec 7, 2023
    risk 0.42cvss 6.5epss 0.02

    This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do…

  • CVE-2022-27782HigJun 2, 2022
    risk 0.42cvss 7.5epss 0.03

    libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However,…

  • CVE-2022-27781HigJun 2, 2022
    risk 0.42cvss 7.5epss 0.02

    libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to…

  • CVE-2021-22946HigSep 29, 2021
    risk 0.42cvss 7.5epss 0.04

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed…

  • CVE-2020-8285HigDec 14, 2020
    risk 0.42cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2003-1605HigAug 23, 2018
    risk 0.42cvss 7.5epss 0.02

    curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.

  • CVE-2016-9594MedApr 23, 2018
    risk 0.42cvss 6.5epss 0.03

    curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.

  • CVE-2016-9586MedApr 23, 2018
    risk 0.39cvss 5.9epss 0.05

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could…

  • CVE-2022-27774MedJun 2, 2022
    risk 0.37cvss 5.7epss 0.02

    An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on…

  • CVE-2026-5545MedMay 13, 2026
    risk 0.35cvss 6.5epss 0.00

    libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing…

  • CVE-2026-3784MedMar 11, 2026
    risk 0.35cvss 6.5epss 0.00

    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

  • CVE-2021-22922MedAug 5, 2021
    risk 0.35cvss 6.5epss 0.04

    When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by…

  • CVE-2021-22897MedJun 11, 2021
    risk 0.35cvss 5.3epss 0.03

    curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library,…

  • CVE-2016-8615MedAug 1, 2018
    risk 0.35cvss 5.3epss 0.04

    A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

  • CVE-2016-8621MedJul 31, 2018
    risk 0.35cvss 5.3epss 0.05

    The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

Page 2 of 8