
haxx curl

153 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-7168
>= 7.12.0 and < 8.20.0
Successfully using libcurl to do a transfer over a specific HTTP proxy (proxyA) with Digest authentication and then changing
5.3 MEDIUM
CVE-2026-7009
>= 8.17.0 and < 8.20.0
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the se
5.3 MEDIUM
CVE-2026-6429
>= 7.14.0 and < 8.20.0
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the
5.3 MEDIUM
CVE-2026-6276
>= 7.71.0 and < 8.20.0
Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the s
7.5 HIGH
CVE-2026-6253
>= 7.14.1 and < 8.20.0
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are
5.9 MEDIUM
CVE-2026-5773
>= 7.40.0 and < 8.20.0
libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connection
7.5 HIGH
CVE-2026-5545
>= 7.10.6 and < 8.20.0
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate
6.5 MEDIUM
CVE-2026-4873
>= 7.20.0 and < 8.20.0
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connec
5.9 MEDIUM
CVE-2026-3805
>= 8.13.0 and < 8.19.0
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
7.5 HIGH
CVE-2026-3784
>= 7.7 and < 8.18.0
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different crede
6.5 MEDIUM
CVE-2026-3783
>= 7.33.0 and < 8.19.0
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could lea
5.3 MEDIUM
CVE-2026-1965
>= 7.10.6 and < 8.19.0
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. l
6.5 MEDIUM
CVE-2025-11563
>= 2024-12-08 and < 2025-11-09
URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory
4.6 MEDIUM
CVE-2025-15224
>= 7.58.0 and < 8.18.0
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask a
3.1 LOW
CVE-2025-15079
>= 7.58.0 and < 8.18.0
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept c
5.3 MEDIUM
CVE-2025-14819
>= 7.87.0 and < 8.18.0
When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl
5.3 MEDIUM
CVE-2025-14524
>= 7.33.0 and < 8.18.0
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL
5.3 MEDIUM
CVE-2025-14017
>= 7.17.0 and < 8.18.0
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently cha
6.3 MEDIUM
CVE-2025-13034
>= 8.8.0 and < 8.18.0
When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key o
5.9 MEDIUM
CVE-2025-10966
>= 7.69.0 and < 8.17.0
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verificat
4.3 MEDIUM
CVE-2025-9086
>= 8.13.0 and < 8.16.0
1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with `htt
7.5 HIGH
CVE-2025-10148
>= 8.11.0 and < 8.16.0
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it us
5.3 MEDIUM
CVE-2025-5399
>= 8.13.0 and < 8.14.1
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get tr
7.5 HIGH
CVE-2025-5025
>= 8.5.0 and < 8.14.0
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not perform
4.8 MEDIUM
CVE-2025-4947
>= 8.8.0 and < 8.14.0
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address
6.5 MEDIUM
CVE-2025-0725
>= 7.10.5 and < 8.12.0
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING
7.3 HIGH
CVE-2025-0665
all versions
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a
7.0 HIGH
CVE-2025-0167
>= 7.76.0 and < 8.12.0
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the firs
3.4 LOW
CVE-2024-11053
>= 7.76.0 and < 8.11.1
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the fir
3.4 LOW
CVE-2024-9681
>= 7.74.0 and < 8.11.0
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end soone
6.5 MEDIUM
CVE-2024-8096
>= 7.41.0 and < 8.10.0
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the serv
6.5 MEDIUM
CVE-2024-2466
>= 8.5.0 and < 8.7.0
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedT
6.5 MEDIUM
CVE-2024-2398
>= 7.44.0 and < 8.7.0
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses
8.6 HIGH
CVE-2024-2379
all versions
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to u
6.3 MEDIUM
CVE-2024-2004
>= 7.85.0 and < 8.7.0
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remai
3.5 LOW
CVE-2024-0853
all versions
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed.
5.3 MEDIUM
CVE-2023-46219
>= 7.84.0 and < 8.5.0
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using
5.3 MEDIUM
CVE-2023-46218
>= 7.46.0 and <= 8.4.0
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is oth
6.5 MEDIUM
CVE-2023-38039
>= 7.84.0 and < 8.3.0
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers AP
7.5 HIGH
CVE-2020-19909
all versions
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report th
3.3 LOW
CVE-2023-28322
< 8.1.0
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the rea
3.7 LOW
CVE-2023-28321
< 8.1.0
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when
5.9 MEDIUM
CVE-2023-28320
< 8.1.0
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host
5.9 MEDIUM
CVE-2023-28319
< 8.1.0
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key usi
7.5 HIGH
CVE-2023-27534
>= 7.18.0 and <= 7.88.1
A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced whe
8.8 HIGH
CVE-2023-27533
>= 7.0.0 and <= 7.881
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pa
8.8 HIGH
CVE-2023-23916
>= 7.57.0 and < 7.88.0
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compress
6.5 MEDIUM
CVE-2023-23915
>= 7.77.0 and < 7.88.0
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to beh
6.5 MEDIUM
CVE-2023-23914
>= 7.77.0 and < 7.88.0
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail w
9.1 CRITICAL
CVE-2022-43552
< 7.87.0
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through a
5.9 MEDIUM
CVE-2022-43551
>= 7.77.0 and < 7.87.0
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, c
7.5 HIGH
CVE-2022-35260
>= 7.84.0 and < 7.86.0
curl can be told to parse a .netrc file for credentials. If that file ends in a line with 4095 consecutive non-white space letter
6.5 MEDIUM
CVE-2022-32221
< 7.86.0
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, ev
9.8 CRITICAL
CVE-2022-42915
>= 7.77.0 and < 7.86.0
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the c
8.1 HIGH
CVE-2022-42916
>= 7.77.0 and < 7.86.0
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be in
7.5 HIGH
CVE-2022-35252
< 7.85.0
When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes that when later are s
3.7 LOW
CVE-2022-32208
>= 7.16.4 and < 7.84.0
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possib
5.9 MEDIUM
CVE-2022-32207
>= 7.69.0 and < 7.84.0
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation
9.8 CRITICAL
CVE-2022-32206
< 7.84.0
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and p
6.5 MEDIUM
CVE-2022-32205
>= 7.71.0 and < 7.84.0
A malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl and curl < 7.84.0 stores all of
4.3 MEDIUM
CVE-2022-30115
>= 7.82.0 and < 7.83.1
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HT
4.3 MEDIUM
CVE-2022-27782
< 7.83.1
libcurl would reuse a previously created connection even when a TLS or SSH-related option had been changed that should have prohibi
7.5 HIGH
CVE-2022-27781
< 7.83.1
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate
7.5 HIGH
CVE-2022-27780
>= 7.80.0 and < 7.83.1
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a
7.5 HIGH
CVE-2022-27779
>= 7.82.0 and < 7.83.1
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be
5.3 MEDIUM
CVE-2022-27778
all versions
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together
8.1 HIGH
CVE-2022-27776
< 7.83.0
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HT
6.5 MEDIUM
CVE-2022-27775
>= 7.65.0 and <= 7.82.0
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 whereby, by using an IPv6 address that was in t
7.5 HIGH
CVE-2022-27774
>= 4.9 and <= 7.82.0
An insufficiently protected credentials vulnerability exists in curl 4.9 to and including curl 7.82.0 that could allow
5.7 MEDIUM
CVE-2022-22576
>= 7.33.0 and < 7.83.0
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticate
8.1 HIGH
CVE-2021-22947
>= 7.20.0 and < 7.79.0
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t
5.9 MEDIUM
CVE-2021-22946
>= 7.20.0 and < 7.79.0
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (
7.5 HIGH
CVE-2021-22926
>= 7.33.0 and < 7.78.0
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLC
7.5 HIGH
CVE-2021-22925
>= 7.7 and < 7.78.0
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send va
5.3 MEDIUM
CVE-2021-22923
>= 7.27.0 and < 7.78.0
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink
5.3 MEDIUM
CVE-2021-22922
>= 7.27.0 and < 7.78.0
When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the met
6.5 MEDIUM
CVE-2021-22901
>= 7.75.0 and <= 7.76.1
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3
8.1 HIGH
CVE-2021-22898
>= 7.7 and <= 7.76.1
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS
3.1 LOW
CVE-2021-22897
>= 7.61.0 and <= 7.76.1
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP
5.3 MEDIUM
CVE-2020-8284
<= 7.73.0
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p
3.7 LOW
CVE-2020-8177
>= 7.20.0 and <= 7.70.0
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwrit
7.8 HIGH
CVE-2020-8169
>= 7.62.0 and <= 7.70.0
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leak
7.5 HIGH
CVE-2016-4606
< 7.49.1
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, ga
9.8 CRITICAL
CVE-2019-5482
>= 7.19.4 and <= 7.65.3
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
9.8 CRITICAL
CVE-2019-5481
>= 7.52.0 and <= 7.65.3
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
9.8 CRITICAL
CVE-2019-5443
<= 7.65.1
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will mak
7.8 HIGH
CVE-2019-5435
>= 7.62.0 and <= 7.64.1
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
3.7 LOW
CVE-2018-16842
>= 7.14.1 and <= 7.61.1
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may r
4.4 MEDIUM
CVE-2018-16840
>= 7.59.0 and < 7.62.0
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. Wh
9.8 CRITICAL
CVE-2018-16839
>= 7.33.0 and <= 7.61.1
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of
4.3 MEDIUM
CVE-2003-1605
>= 7.1.0 and < 7.10.7
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
7.5 HIGH
CVE-2016-8625
< 7.51.0
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potent
5.3 MEDIUM
CVE-2016-8623
< 7.51.0
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free lea
3.3 LOW
CVE-2016-8620
< 7.51.0
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user con
6.5 MEDIUM
CVE-2016-8619
< 7.51.0
The function read_data() in security.c in curl before version 7.51.0 is vulnerable to memory double free.
5.3 MEDIUM
CVE-2016-8616
< 7.51.0
A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user nam
3.7 LOW
CVE-2016-8615
< 7.51.0
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used f
5.3 MEDIUM
CVE-2016-8621
< 7.51.0
The curl_getdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one
5.3 MEDIUM
CVE-2016-8617
< 7.51.0
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receive
3.3 LOW
CVE-2016-8624
< 7.51.0
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' char
5.3 MEDIUM
CVE-2016-8618
< 7.51.0
The libcurl API function called curl_maprintf() before version 7.51.0 can be tricked into doing a double-free due to an unsafe `
5.3 MEDIUM
CVE-2017-2629
< 7.53.0
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's c
4.3 MEDIUM
CVE-2018-0500
>= 7.54.1 and <= 7.60.0
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be expl
9.8 CRITICAL
CVE-2018-1000301
>= 7.20.0 and <= 7.59.0
curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that
9.1 CRITICAL
CVE-2018-1000300
>= 7.54.1 and <= 7.59.0
curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of se
9.8 CRITICAL
CVE-2016-9594
< 7.52.1
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit rando
6.5 MEDIUM
CVE-2016-9586
< 7.52.0
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation
5.9 MEDIUM
CVE-2018-1000122
>= 7.20.0 and <= 7.58.0
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cau
9.1 CRITICAL
CVE-2018-1000121
>= 7.21.0 and <= 7.58.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a
7.5 HIGH
CVE-2018-1000120
>= 7.12.3 and <= 7.58.0
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a de
9.8 CRITICAL
CVE-2016-9953
>= 7.30.0 and <= 7.51.0
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schan
9.8 CRITICAL
CVE-2016-9952
>= 7.30.0 and <= 7.51.0
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schan
8.1 HIGH
CVE-2017-2628
all versions
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 beca
9.8 CRITICAL
CVE-2018-1000007
>= 7.1 and <= 7.57.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its
9.8 CRITICAL
CVE-2017-8818
all versions
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and applicat
9.8 CRITICAL
CVE-2017-8817
>= 7.21.0 and <= 7.56.1
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds re
9.8 CRITICAL
CVE-2017-8816
> 7.36.0 and <= 7.56.1
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of servic
9.8 CRITICAL
CVE-2017-1000101
all versions
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a s
6.5 MEDIUM
CVE-2017-9502
<= 7.54.0
In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to se
5.3 MEDIUM
CVE-2017-7407
all versions
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive informat
2.4 LOW
CVE-2016-4802
<= 7.49.0
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow
7.8 HIGH
CVE-2016-3739
all versions
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL a
5.3 MEDIUM
CVE-2016-0755
<= 7.46.0
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections,
7.3 HIGH
CVE-2016-0754
<= 7.46.0
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive v
5.3 MEDIUM
CVE-2015-3237
all versions
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information
CVE-2015-3236
all versions
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a res
CVE-2015-3153
<= 7.42.0
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, w
CVE-2015-3148
all versions
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers t
CVE-2015-3145
all versions
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows rem
CVE-2015-3144
all versions
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote atta
CVE-2015-3143
all versions
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as othe
CVE-2014-3620
<= 7.37.1
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by sett
CVE-2014-3613
<= 7.37.1
cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set
CVE-2014-2522
all versions
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, do not verify that th
CVE-2014-0139
all versions
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP addr
CVE-2014-0138
all versions
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) I
CVE-2014-0015
all versions
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might
CVE-2013-4545
all versions
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disable the certificate CN and SAN name field verification (CURL
CVE-2013-2174
all versions
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote
CVE-2013-1944
<= 7.29.0
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies,
CVE-2013-2617
all versions
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2013-0249
all versions
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 thro
CVE-2012-0036
all versions
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which
CVE-2011-3389
>= 7.10.6 and <= 7.23.1
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
CVE-2010-3842
all versions
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows re
CVE-2010-0734
all versions
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data
CVE-2009-2417
all versions
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain n
CVE-2009-0037
all versions
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Loc
CVE-2006-1061
all versions
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a T
CVE-2005-4077
all versions
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and
CVE-2005-3185
all versions
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2,
CVE-2005-0490
all versions
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers
8.8 HIGH
CVE-2000-0973
all versions
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary comm
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin