Vulnerabilities (CVE)

Filtered by vendor Haxx Subscribe
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22876 5 Broadcom, Debian, Fedoraproject and 2 more 8 Fabric Operating System, Debian Linux, Fedora and 5 more 2021-06-15 5.0 MEDIUM 5.3 MEDIUM
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
CVE-2019-3822 7 Canonical, Debian, Haxx and 4 more 16 Ubuntu Linux, Debian Linux, Libcurl and 13 more 2021-06-15 7.5 HIGH 9.8 CRITICAL
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
CVE-2020-8286 6 Apple, Debian, Fedoraproject and 3 more 14 Mac Os X, Macos, Debian Linux and 11 more 2021-06-14 5.0 MEDIUM 7.5 HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2020-8284 3 Debian, Fedoraproject, Haxx 3 Debian Linux, Fedora, Curl 2021-06-14 4.3 MEDIUM 3.7 LOW
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-8285 5 Apple, Debian, Fedoraproject and 2 more 12 Mac Os X, Macos, Debian Linux and 9 more 2021-06-14 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8169 3 Debian, Haxx, Siemens 4 Debian Linux, Curl, Simatic Tim 1531 Irc and 1 more 2021-06-08 5.0 MEDIUM 7.5 HIGH
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVE-2021-22890 5 Broadcom, Debian, Fedoraproject and 2 more 7 Fabric Operating System, Debian Linux, Fedora and 4 more 2021-05-27 4.3 MEDIUM 3.7 LOW
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
CVE-2020-8177 1 Haxx 1 Curl 2021-04-01 4.6 MEDIUM 7.1 HIGH
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2020-8231 1 Haxx 1 Libcurl 2021-04-01 5.0 MEDIUM 7.5 HIGH
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2019-3823 5 Canonical, Debian, Haxx and 2 more 7 Ubuntu Linux, Debian Linux, Libcurl and 4 more 2021-03-09 5.0 MEDIUM 7.5 HIGH
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
CVE-2019-5481 1 Haxx 1 Curl 2020-10-20 7.5 HIGH 9.8 CRITICAL
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482 1 Haxx 1 Curl 2020-10-20 7.5 HIGH 9.8 CRITICAL
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-5435 1 Haxx 1 Curl 2020-10-20 4.3 MEDIUM 3.7 LOW
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
CVE-2019-5443 2 Haxx, Microsoft 2 Curl, Windows 2020-10-20 4.6 MEDIUM 7.8 HIGH
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
CVE-2019-5436 7 Debian, F5, Fedoraproject and 4 more 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more 2020-10-20 4.6 MEDIUM 7.8 HIGH
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2018-16890 8 Canonical, Debian, F5 and 5 more 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more 2020-09-18 5.0 MEDIUM 7.5 HIGH
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
CVE-2016-8624 1 Haxx 1 Curl 2020-09-14 5.0 MEDIUM 7.5 HIGH
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
CVE-2018-1000007 4 Canonical, Debian, Haxx and 1 more 6 Ubuntu Linux, Debian Linux, Curl and 3 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
CVE-2018-0500 2 Canonical, Haxx 2 Ubuntu Linux, Curl 2020-08-24 7.5 HIGH 9.8 CRITICAL
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
CVE-2018-1000300 2 Canonical, Haxx 2 Ubuntu Linux, Curl 2020-08-24 7.5 HIGH 9.8 CRITICAL
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.