Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libcurl vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-2629
curl prior to 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even whe...
Haxx Curl
5
CVSSv2
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the ol...
Haxx Libcurl
4.6
CVSSv2
CVE-2017-7836
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requir...
Mozilla Firefox
9.3
CVSSv2
CVE-2016-10614
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is ...
Httpsync Project Httpsync -
6.8
CVSSv2
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Haxx Curl
6.8
CVSSv2
CVE-2016-9952
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 up to and including 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote malicious users to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server ce...
Haxx Curl
1 Github repository
7.5
CVSSv2
CVE-2016-9953
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 up to and including 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote malicious users to obtain sensitive information, cause a denial of service (crash), or possibly have unspec...
Haxx Curl
1 Github repository
6.4
CVSSv2
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
1 Article
7.5
CVSSv2
CVE-2017-8818
curl and libcurl prior to 7.57.0 on 32-bit platforms allow malicious users to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
Haxx Curl 7.56.1
Haxx Libcurl 7.56.0
Haxx Libcurl 7.56.1
Haxx Curl 7.56.0
4.3
CVSSv2
CVE-2017-1000099
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other priva...
Haxx Libcurl 7.54.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »