Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libcurl vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 up to and including 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Haxx Libcurl
Apple Mac Os X
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
5
CVSSv2
CVE-2019-3823
libcurl versions from 7.34.0 to prior to 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
4.3
CVSSv2
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as ...
Haxx Libcurl
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Broadcom Fabric Operating System -
Debian Debian Linux 9.0
Siemens Sinec Infrastructure Network Services
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5.8
CVSSv2
CVE-2021-22945
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Haxx Libcurl
Fedoraproject Fedora 33
Fedoraproject Fedora 35
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Oracle Mysql Server
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp Solidfire Baseboard Management Controller Firmware -
Apple Macos
Siemens Sinec Ins
Debian Debian Linux 11.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
5
CVSSv2
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
5
CVSSv2
CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Refe...
Haxx Libcurl
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Netapp Hci Compute Node -
Broadcom Fabric Operating System -
Debian Debian Linux 9.0
Siemens Sinec Infrastructure Network Services
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
4.6
CVSSv2
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 up to and including 7.64.1.
Haxx Libcurl
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Debian Debian Linux 10.0
F5 Traffix Signaling Delivery Controller
Netapp Steelstore Cloud Integrated Storage -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Mysql Server
Oracle Oss Support Tools 20.0
NA
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 byte...
Haxx Libcurl
Fedoraproject Fedora 37
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
9 Github repositories
2 Articles
5
CVSSv2
CVE-2018-16890
libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vul...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Siemens Sinema Remote Connect Client
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Redhat Enterprise Linux 8.0
F5 Big-ip Access Policy Manager
1 Github repository
5
CVSSv2
CVE-2012-6070
Falconpl prior to 0.9.6.9-git20120606 misuses the libcurl API which may allow remote malicious users to interfere with security checks.
Falconpl Falconpl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »