Haxx Curl vulnerabilities

CVE-2021-22890 [LOW] CVE-2021-22890: curl 7 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session tic

CVE-2023-28322 [LOW] CWE-200 CVE-2023-28322: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surp

CVE-2024-2004 [LOW] CWE-436 CVE-2024-2004: When a protocol selection parameter option disables all protocols without adding any then the defaul When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.s

CVE-2022-35252 [LOW] CWE-20 CVE-2022-35252: When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using contr When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

CVE-2024-11053 [LOW] CVE-2024-11053: When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login

CVE-2025-0167 [LOW] CVE-2025-0167: When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

CVE-2025-15224 [LOW] CWE-287 CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

CVE-2005-4077 [MEDIUM] CVE-2005-4077: Multiple off-by-one errors in the cURL library (libcurl) 7 Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a

CVE-2020-19909 [LOW] CWE-190 CVE-2020-19909: Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than wh

CVE-2017-7407 [LOW] CWE-119 CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attacker The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.