Haxx Curl vulnerabilities

CVE-2018-16839 [CRITICAL] CWE-122 CVE-2018-16839: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication co Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

CVE-2023-27533 [HIGH] CWE-75 CVE-2023-27533: A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This v

CVE-2022-32207 [CRITICAL] CWE-840 CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomi When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than inten

CVE-2016-5420 [HIGH] CVE-2016-5420: curl and libcurl before 7 curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

CVE-2016-7167 [CRITICAL] CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7 Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

CVE-2019-5481 [CRITICAL] CWE-415 CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2018-1000300 [CRITICAL] CWE-787 CVE-2018-1000300: curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl = 7.

CVE-2022-42915 [HIGH] CWE-415 CVE-2022-42915: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to spe

CVE-2022-22576 [HIGH] CWE-287 CVE-2022-22576: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only

CVE-2022-32206 [MEDIUM] CWE-770 CVE-2022-32206: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be c curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a

CVE-2012-0036 [HIGH] CVE-2012-0036: curl and libcurl 7 curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

CVE-2020-8285 [HIGH] CVE-2020-8285: curl 7 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CVE-2016-4606 [CRITICAL] CVE-2016-4606: Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.

CVE-2016-0755 [HIGH] CVE-2016-0755: The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-au The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

CVE-2016-8618 [CRITICAL] CWE-416 CVE-2016-8618: The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

CVE-2021-22946 [HIGH] CWE-325 CVE-2021-22946: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate re

CVE-2016-7141 [HIGH] CVE-2016-7141: curl and libcurl before 7 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

CVE-2017-8816 [CRITICAL] CWE-190 CVE-2017-8816: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attacke The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

CVE-2018-1000122 [CRITICAL] CWE-125 CVE-2018-1000122: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

CVE-2016-8619 [CRITICAL] CWE-416 CVE-2016-8619: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory doubl The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.