Vulnerabilities (CVE)

Vendor filter

Haxx Subscribe

Filter

76 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1000122 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-06-18 6.4
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
CVE-2018-1000120 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-06-18 7.5
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-1000007 4 Haxx, Debian, Canonical and 1 more 6 Curl, Debian Linux, Ubuntu Linux and 3 more 2019-06-18 5.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to...
CVE-2018-1000005 3 Haxx, Debian, Canonical 3 Libcurl, Debian Linux, Ubuntu Linux 2019-06-18 6.4
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was...
CVE-2019-5436 1 Haxx 1 Libcurl 2019-06-09 4.6
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2019-5435 1 Haxx 1 Curl 2019-06-09 4.3
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
CVE-2018-16890 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-04-26 5.0
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is...
CVE-2019-3822 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-04-26 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...
CVE-2019-3823 5 Haxx, Canonical, Debian and 2 more 7 Libcurl, Ubuntu Linux, Debian Linux and 4 more 2019-04-26 5.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the...
CVE-2018-1000121 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-04-26 5.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-1000301 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-04-25 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded...
CVE-2016-8625 1 Haxx 1 Curl 2019-04-25 5.0
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
CVE-2016-8623 1 Haxx 1 Curl 2019-04-25 5.0
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
CVE-2016-8620 1 Haxx 1 Curl 2019-04-25 7.5
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
CVE-2016-8619 1 Haxx 1 Curl 2019-04-25 7.5
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
CVE-2016-8616 1 Haxx 1 Curl 2019-04-25 4.3
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists...
CVE-2013-2174 5 Redhat, Haxx, Canonical and 2 more 6 Ubuntu Linux, Curl, Enterprise Linux and 3 more 2019-04-22 6.8
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string...
CVE-2018-14618 4 Haxx, Canonical, Debian and 1 more 4 Libcurl, Ubuntu Linux, Debian Linux and 1 more 2019-04-22 10.0
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to...
CVE-2018-16839 3 Haxx, Canonical, Debian 3 Curl, Ubuntu Linux, Debian Linux 2019-04-16 7.5
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2018-16842 3 Haxx, Canonical, Debian 3 Curl, Ubuntu Linux, Debian Linux 2019-03-11 6.4
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.