Debian Curl vulnerabilities

CVE-2021-22890 [LOW] CVE-2021-22890: curl - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicio... curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When

CVE-2021-22897 [MEDIUM] CVE-2021-22897: curl - curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong sessio... curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transf

CVE-2020-8231 [HIGH] CVE-2020-8231: curl - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wron... Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. Scope: local bookworm: resolved (fixed in 7.72.0-1) bullseye: resolved (fixed in 7.72.0-1) forky: resolved (fixed in 7.72.0-1) sid: resolved (fixed in 7.72.0-1) trixie: resolved (fixed in 7.72.0-1)

CVE-2020-8177 [HIGH] CVE-2020-8177: curl - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for fi... curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Scope: local bookworm: resolved (fixed in 7.72.0-1) bullseye: resolved (fixed in 7.72.0-1) forky: resolved (fixed in 7.72.0-1) sid: resolved (fixed in 7.72.0-1) trixie: resolved (fixed in 7.72.0-1)

CVE-2020-8285 [HIGH] CVE-2020-8285: curl - curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due ... curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Scope: local bookworm: resolved (fixed in 7.74.0-1) bullseye: resolved (fixed in 7.74.0-1) forky: resolved (fixed in 7.74.0-1) sid: resolved (fixed in 7.74.0-1) trixie: resolved (fixed in 7.74.0-1)

CVE-2020-8169 [HIGH] CVE-2020-8169: curl - curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerabil... curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Scope: local bookworm: resolved (fixed in 7.72.0-1) bullseye: resolved (fixed in 7.72.0-1) forky: resolved (fixed in 7.72.0-1) sid: resolved (fixed in 7.72.0-1) trixie: resolved (fixed in 7.72.0-1)

CVE-2020-8286 [HIGH] CVE-2020-8286: curl - curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate re... curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Scope: local bookworm: resolved (fixed in 7.74.0-1) bullseye: resolved (fixed in 7.74.0-1) forky: resolved (fixed in 7.74.0-1) sid: resolved (fixed in 7.74.0-1) trixie: resolved (fixed in 7.74.0-1)

CVE-2020-8284 [LOW] CVE-2020-8284: curl - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlie... A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Scope: local bookworm: resolved (fixed in 7.74.0-1) bullsey

CVE-2020-19909 [LOW] CVE-2020-19909: curl - Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large valu... Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. T

CVE-2019-3822 [CRITICAL] CVE-2019-3822: curl - libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based bu... libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implem

CVE-2019-5482 [CRITICAL] CVE-2019-5482: curl - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Scope: local bookworm: resolved (fixed in 7.66.0-1) bullseye: resolved (fixed in 7.66.0-1) forky: resolved (fixed in 7.66.0-1) sid: resolved (fixed in 7.66.0-1) trixie: resolved (fixed in 7.66.0-1)

CVE-2019-5481 [CRITICAL] CVE-2019-5481: curl - Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Scope: local bookworm: resolved (fixed in 7.66.0-1) bullseye: resolved (fixed in 7.66.0-1) forky: resolved (fixed in 7.66.0-1) sid: resolved (fixed in 7.66.0-1) trixie: resolved (fixed in 7.66.0-1)

CVE-2019-5436 [HIGH] CVE-2019-5436: curl - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary co... A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Scope: local bookworm: resolved (fixed in 7.64.0-4) bullseye: resolved (fixed in 7.64.0-4) forky: resolved (fixed in 7.64.0-4) sid: resolved (fixed in 7.64.0-4) trixie: resolved (fixed in 7.64.0-4)

CVE-2019-3823 [MEDIUM] CVE-2019-3823: curl - libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bo... libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be r

CVE-2019-5435 [LOW] CVE-2019-5435: curl - An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.... An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Scope: local bookworm: resolved (fixed in 7.64.0-4) bullseye: resolved (fixed in 7.64.0-4) forky: resolved (fixed in 7.64.0-4) sid: resolved (fixed in 7.64.0-4) trixie: resolved (fixed in 7.64.0-4)

CVE-2019-5443 [HIGH] CVE-2019-5443: curl - A non-privileged user or program can put code and a config file in a known non-p... A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trix

CVE-2018-1000005 [CRITICAL] CVE-2018-1000005: curl - libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handl... libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer dat

CVE-2018-16840 [CRITICAL] CVE-2018-16840: curl - A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1... A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed str

CVE-2018-1000301 [CRITICAL] CVE-2018-1000301: curl - curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer... curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl = 7.60.0. Scope: local bookworm: resolved (fixed

CVE-2018-1000122 [CRITICAL] CVE-2018-1000122: curl - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTS... A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage Scope: local bookworm: resolved (fixed in 7.60.0-1) bullseye: resolved (fixed in 7.60.0-1) forky: resolved (fixed in 7.60.0-1) sid: resolved (fixed in 7.60.0-1) trixie: resolved (fixed in