Home/Product/haxx libcurl
Product

haxx libcurl

67 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-0725
>= 7.10.5 and < 8.12.0
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING
7.3HIGH
 CVE-2024-32928
all versions
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a pot
5.9MEDIUM
 CVE-2024-7264
>= 7.32.0 and < 8.9.1
libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactic
6.5MEDIUM
 CVE-2024-6874
all versions
libcurl's URL API function curl_url_get() offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 2
4.3MEDIUM
 CVE-2024-6197
>= 8.6.0 and < 8.9.0
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and re
7.5HIGH
 CVE-2023-38546
>= 7.9.1 and < 8.4.0
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions
3.7LOW
 CVE-2023-38545
>= 7.69.0 and < 8.4.0
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name t
9.8CRITICAL
 CVE-2023-27538
>= 7.16.1 and < 8.0.0
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection d
5.5MEDIUM
 CVE-2023-27537
all versions
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduce
5.9MEDIUM
 CVE-2023-27536
>= 7.22.0 and <= 7.88.1
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously establishe
5.9MEDIUM
 CVE-2023-27535
>= 7.13.0 and <= 7.88.1
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong crede
5.9MEDIUM
 CVE-2021-22945
>= 7.73.0 and <= 7.78.0
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an alr
9.1CRITICAL
 CVE-2021-22924
>= 7.10.4 and < 7.77.0
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.
3.7LOW
 CVE-2021-22890
>= 7.63.0 and <= 7.75.0
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad han
3.7LOW
 CVE-2021-22876
>= 7.1.1 and <= 7.75.0
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leak
5.3MEDIUM
 CVE-2020-8286
>= 7.41.0 and < 7.74.0
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O
7.5HIGH
 CVE-2020-8285
>= 7.21.0 and < 7.74.0
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa
7.5HIGH
 CVE-2020-8231
>= 7.29.0 and <= 7.71.1
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
7.5HIGH
 CVE-2019-5436
>= 7.19.4 and <= 7.64.1
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.
7.8HIGH
 CVE-2019-3823
>= 7.34.0 and < 7.64.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response
4.3MEDIUM
 CVE-2019-3822
>= 7.36.0 and < 7.64.0
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing N
9.8CRITICAL
 CVE-2018-16890
>= 7.36.0 and < 7.64.0
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NT
7.5HIGH
 CVE-2018-14618
< 7.61.1
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core
7.5HIGH
 CVE-2016-8622
< 7.51.0
The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this functio
3.7LOW
 CVE-2017-7468
>= 7.52.0 and <= 7.53.1
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate h
4.8MEDIUM
 CVE-2018-1000005
>= 7.49.0 and <= 7.57.0
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://gith
9.1CRITICAL
 CVE-2017-8818
all versions
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and applicat
9.8CRITICAL
 CVE-2017-8817
> 7.21.0 and <= 7.56.1
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds re
9.8CRITICAL
 CVE-2017-8816
>= 7.36.0 and <= 7.56.1
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of servic
9.8CRITICAL
 CVE-2017-1000257
>= 7.20.0 and <= 7.56.0
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero
9.1CRITICAL
 CVE-2017-1000254
all versions
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs i
7.5HIGH
 CVE-2017-1000100
all versions
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the
6.5MEDIUM
 CVE-2017-1000099
all versions
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like hea
6.5MEDIUM
 CVE-2016-7167
<= 7.50.2
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions i
9.8CRITICAL
 CVE-2016-7141
<= 7.50.1
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers t
7.5HIGH
 CVE-2016-5421
<= 7.50.0
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspec
8.1HIGH
 CVE-2016-5420
<= 7.50.0
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow re
7.5HIGH
 CVE-2016-5419
<= 7.50.0
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote
7.5HIGH
 CVE-2015-3237
all versions
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information
 CVE-2015-3236
all versions
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a res
 CVE-2015-3153
<= 7.42.0
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, w
 CVE-2015-3148
all versions
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers t
 CVE-2015-3145
all versions
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows rem
 CVE-2015-3144
all versions
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote atta
 CVE-2015-3143
all versions
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as othe
 CVE-2014-8151
all versions
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka
 CVE-2014-8150
all versions
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject
 CVE-2014-3620
<= 7.37.1
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by sett
 CVE-2014-3613
<= 7.37.1
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set
 CVE-2014-3707
all versions
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not p
 CVE-2014-2522
all versions
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that th
 CVE-2014-0139
all versions
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP addr
 CVE-2014-0138
all versions
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) I
 CVE-2014-0015
all versions
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might
 CVE-2013-6422
all versions
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also
 CVE-2013-4545
all versions
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURL
 CVE-2013-2174
all versions
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote
 CVE-2013-1944
<= 7.29.0
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies,
 CVE-2013-0249
all versions
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 thro
 CVE-2012-0036
all versions
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which
 CVE-2011-2192
>= 7.10.6 and <= 7.21.6
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always
 CVE-2010-0734
all versions
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data
 CVE-2009-2417
all versions
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain n
 CVE-2009-0037
all versions
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Loc
 CVE-2007-3564
all versions
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates,
 CVE-2005-3185
all versions
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2,
 CVE-2005-0490
all versions
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers
8.8HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin