Haxx Curl vulnerabilities

CVE-2006-1061 [HIGH] CVE-2006-1061: Heap-based buffer overflow in cURL and libcURL 7 Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

CVE-2016-8625 [HIGH] CWE-20 CVE-2016-8625: curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

CVE-2013-2174 [MEDIUM] CWE-119 CVE-2013-2174: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7. Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

CVE-2022-27775 [HIGH] CWE-200 CVE-2022-27775: An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

CVE-2007-3564 [HIGH] CVE-2007-3564: libcurl 7 libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

CVE-2016-9953 [CRITICAL] CWE-125 CVE-2016-9953: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.

CVE-2015-3148 [MEDIUM] CWE-284 CVE-2015-3148: cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, w cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2005-3185 [HIGH] CVE-2005-3185: Stack-based buffer overflow in the ntlm_output function in http-ntlm Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

CVE-2019-3823 [HIGH] CVE-2019-3823: libcurl versions from 7 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

CVE-2016-9594 [HIGH] CWE-665 CVE-2016-9594: curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function t curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.

CVE-2016-8623 [HIGH] CWE-416 CVE-2016-8623: A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads t A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.

CVE-2022-27781 [HIGH] CWE-400 CVE-2022-27781: libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returne libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

CVE-2022-27780 [HIGH] CWE-177 CVE-2022-27780: The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host na The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flaw

CVE-2026-6276 [HIGH] CWE-319 CVE-2026-6276: Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

CVE-2024-9681 [MEDIUM] CWE-697 CVE-2024-9681: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's ca When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where

CVE-2016-9952 [HIGH] CWE-295 CVE-2016-9952: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."

CVE-2020-8177 [HIGH] CWE-99 CVE-2020-8177: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resour curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

CVE-2017-7468 [HIGH] CVE-2017-7468: In curl and libcurl 7 In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous

CVE-2023-46218 [MEDIUM] CWE-178 CVE-2023-46218: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a giv

CVE-2009-2417 [MEDIUM] CVE-2009-2417: lib/ssluse lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.