Docs Overview Changelog Release Table Security Problems Version Nums Vulnerabilities
curl / Docs / Release Docs / Security Problems

curl security problems

Related:
Changelog
FAQ
Security Problems
Security Process
Vulnerabilities Table

We take security seriously and develop curl and libcurl to be secure and safe.

If you find or simply suspect a security problem in curl or libcurl, mail us at curl-security at haxx.se (closed list of receivers, mails are not disclosed) and tell.

We appreciate getting notified in advance before you go public with security advisories for the sake of our users.

See also the Vulnerabilities Table to see what versions that are vulnerable to what flaws.

All known prior vulnerabilities

# Vulnerability Date First Last CVE CWE
78 RTSP RTP buffer over-read March 14, 2018 7.20.0 7.58.0 CVE-2018-1000122 CWE-126: Buffer Over-read
77 LDAP NULL pointer dereference March 14, 2018 7.21.0 7.58.0 CVE-2018-1000121 CWE-476: NULL Pointer Dereference
76 FTP path trickery leads to NIL byte out of bounds write March 14, 2018 7.12.3 7.58.0 CVE-2018-1000120 CWE-122: Heap-based Buffer Overflow
75 HTTP authentication leak in redirects January 24, 2018 6.0 7.57.0 CVE-2018-1000007 CWE-522: Insufficiently Protected Credentials
74 HTTP/2 trailer out-of-bounds read January 24, 2018 7.49.0 7.57.0 CVE-2018-1000005 CWE-126: Buffer Over-read
73 SSL out of buffer access November 29, 2017 7.56.0 7.56.1 CVE-2017-8818 CWE-125: Out-of-bounds Read
72 FTP wildcard out of bounds read November 29, 2017 7.21.0 7.56.1 CVE-2017-8817 CWE-126: Buffer Over-read
71 NTLM buffer overflow via integer overflow November 29, 2017 7.36.0 7.56.1 CVE-2017-8816 CWE-131: Incorrect Calculation of Buffer Size
70 IMAP FETCH response out of bounds read October 12, 2017 7.20.0 7.56.0 CVE-2017-1000257 CWE-126: Buffer Over-read
69 FTP PWD response parser out of bounds read October 04, 2017 7.7 7.55.1 CVE-2017-1000254 CWE-126: Buffer Over-read
68 URL globbing out of bounds read August 09, 2017 7.34.0 7.54.1 CVE-2017-1000101 CWE-126: Buffer Over-read
67 TFTP sends more than buffer size August 09, 2017 7.15.0 7.54.1 CVE-2017-1000100 CWE-126: Buffer Over-read
66 FILE buffer read out of bounds August 09, 2017 7.54.1 7.54.1 CVE-2017-1000099 CWE-170: Improper Null Termination
65 URL file scheme drive letter buffer overflow June 14, 2017 7.53.0 7.54.0 CVE-2017-9502 CWE-122: Heap-based Buffer Overflow
64 TLS session resumption client cert bypass (again) April 19, 2017 7.52.0 7.53.1 CVE-2017-7468 CWE-305: Authentication Bypass by Primary Weakness
63 --write-out out of buffer read April 03, 2017 6.5 7.53.1 CVE-2017-7407 CWE-126: Buffer Over-read
62 SSL_VERIFYSTATUS ignored February 22, 2017 7.52.0 7.52.1 CVE-2017-2629 CWE-304: Missing Critical Step in Authentication
61 uninitialized random December 23, 2016 7.52.0 7.52.0 CVE-2016-9594 CWE-330: Use of Insufficiently Random Values
60 printf floating point buffer overflow December 21, 2016 7.1 7.51.0 CVE-2016-9586 CWE-121: Stack-based Buffer Overflow
59 Win CE schannel cert wildcard matches too much December 21, 2016 7.30.0 7.51.0 CVE-2016-9952 CWE-295: Improper Certificate Validation
58 Win CE schannel cert name out of buffer read December 21, 2016 7.30.0 7.51.0 CVE-2016-9953 CWE-126: Buffer Over-read
57 cookie injection for other servers November 02, 2016 7.1 7.50.3 CVE-2016-8615 CWE-187: Partial Comparison
56 case insensitive password comparison November 02, 2016 7.7 7.50.3 CVE-2016-8616 CWE-178: Improper Handling of Case Sensitivity
55 OOB write via unchecked multiplication November 02, 2016 7.1 7.50.3 CVE-2016-8617 CWE-131: Incorrect Calculation of Buffer Size
54 double-free in curl_maprintf November 02, 2016 7.1 7.50.3 CVE-2016-8618 CWE-415: Double Free
53 double-free in krb5 code November 02, 2016 7.3 7.50.3 CVE-2016-8619 CWE-415: Double Free
52 glob parser write/read out of bounds November 02, 2016 7.34.0 7.50.3 CVE-2016-8620 CWE-122: Heap-based Buffer Overflow
51 curl_getdate read out of bounds November 02, 2016 7.12.2 7.50.3 CVE-2016-8621 CWE-126: Buffer Over-read
50 URL unescape heap overflow via integer truncation November 02, 2016 7.24.0 7.50.3 CVE-2016-8622 CWE-122: Heap-based Buffer Overflow
49 Use-after-free via shared cookies November 02, 2016 7.10.7 7.50.3 CVE-2016-8623 CWE-416: Use After Free
48 invalid URL parsing with '#' November 02, 2016 7.1 7.50.3 CVE-2016-8624 CWE-172: Encoding Error
47 IDNA 2003 makes curl use wrong host November 02, 2016 7.12.0 7.50.3 CVE-2016-8625 CWE-838: Inappropriate Encoding for Output Context
46 curl escape and unescape integer overflows September 14, 2016 7.11.1 7.50.2 CVE-2016-7167 CWE-131: Incorrect Calculation of Buffer Size
45 Incorrect reuse of client certificates September 07, 2016 7.19.6 7.50.1 CVE-2016-7141 CWE-305: Authentication Bypass by Primary Weakness
44 TLS session resumption client cert bypass August 03, 2016 7.1 7.50.0 CVE-2016-5419 CWE-305: Authentication Bypass by Primary Weakness
43 Re-using connections with wrong client cert August 03, 2016 7.1 7.50.0 CVE-2016-5420 CWE-305: Authentication Bypass by Primary Weakness
42 use of connection struct after free August 03, 2016 7.32.0 7.50.0 CVE-2016-5421 CWE-416: Use After Free
41 Windows DLL hijacking May 30, 2016 7.11.1 7.49.0 CVE-2016-4802 CWE-94: Improper Control of Generation of Code ('Code Injection')
40 TLS certificate check bypass with mbedTLS/PolarSSL May 18, 2016 7.21.0 7.48.0 CVE-2016-3739 CWE-305: Authentication Bypass by Primary Weakness
39 remote file name path traversal in curl tool for Windows January 27, 2016 7.20.0 7.46.0 CVE-2016-0754 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
38 NTLM credentials not-checked for proxy connection re-use January 27, 2016 7.10.7 7.46.0 CVE-2016-0755 CWE-305: Authentication Bypass by Primary Weakness
37 SMB send off unrelated memory contents June 17, 2015 7.40.0 7.42.1 CVE-2015-3237 CWE-126: Buffer Over-read
36 lingering HTTP credentials in connection re-use June 17, 2015 7.40.0 7.42.1 CVE-2015-3236 CWE-305: Authentication Bypass by Primary Weakness
35 sensitive HTTP server headers also sent to proxies April 29, 2015 7.1 7.42.0 CVE-2015-3153 CWE-201: Information Exposure Through Sent Data
34 host name out of boundary memory access April 22, 2015 7.37.0 7.41.0 CVE-2015-3144 CWE-124: Buffer Underwrite ('Buffer Underflow')
33 cookie parser out of boundary memory access April 22, 2015 7.31.0 7.41.0 CVE-2015-3145 CWE-124: Buffer Underwrite ('Buffer Underflow')
32 Negotiate not treated as connection-oriented April 22, 2015 7.10.6 7.41.0 CVE-2015-3148 CWE-305: Authentication Bypass by Primary Weakness
31 Re-using authenticated connection when unauthenticated April 22, 2015 7.10.6 7.41.0 CVE-2015-3143 CWE-305: Authentication Bypass by Primary Weakness
30 darwinssl certificate check bypass January 08, 2015 7.31.0 7.39.0 CVE-2014-8151 CWE-305: Authentication Bypass by Primary Weakness
29 URL request injection January 08, 2015 6.0 7.39.0 CVE-2014-8150 CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
28 duphandle read out of bounds November 05, 2014 7.17.1 7.38.0 CVE-2014-3707 CWE-126: Buffer Over-read
27 cookie leak for TLDs September 10, 2014 7.31.0 7.37.1 CVE-2014-3620 CWE-201: Information Exposure Through Sent Data
26 cookie leak with IP address as domain September 10, 2014 7.1 7.37.1 CVE-2014-3613 CWE-201: Information Exposure Through Sent Data
25 not verifying certs for TLS to IP address / Winssl March 26, 2014 7.26.0 7.35.0 CVE-2014-2522 CWE-305: Authentication Bypass by Primary Weakness
24 not verifying certs for TLS to IP address / Darwinssl March 26, 2014 7.26.0 7.35.0 CVE-2014-1263 CWE-305: Authentication Bypass by Primary Weakness
23 IP address wildcard certificate validation March 26, 2014 7.1 7.35.0 CVE-2014-0139 CWE-305: Authentication Bypass by Primary Weakness
22 wrong re-use of connections March 26, 2014 7.10.7 7.35.0 CVE-2014-0138 CWE-305: Authentication Bypass by Primary Weakness
21 re-use of wrong HTTP NTLM connection January 29, 2014 7.10.6 7.34.0 CVE-2014-0015
20 cert name check ignore GnuTLS December 17, 2013 7.21.4 7.33.0 CVE-2013-6422 CWE-305: Authentication Bypass by Primary Weakness
19 cert name check ignore OpenSSL November 15, 2013 7.18.0 7.32.0 CVE-2013-4545 CWE-305: Authentication Bypass by Primary Weakness
18 URL decode buffer boundary flaw June 22, 2013 7.7 7.30.0 CVE-2013-2174 CWE-126: Buffer Over-read
17 cookie domain tailmatch April 12, 2013 6.0 7.29.0 CVE-2013-1944 CWE-201: Information Exposure Through Sent Data
16 SASL buffer overflow February 06, 2013 7.26.0 7.28.1 CVE-2013-0249 CWE-121: Stack-based Buffer Overflow
15 SSL CBC IV vulnerability January 24, 2012 7.10.6 7.23.1 CVE-2011-3389 CWE-924: Improper Enforcement of Message Integrity
14 URL sanitization vulnerability January 24, 2012 7.20.0 7.23.1 CVE-2012-0036 CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
13 inappropriate GSSAPI delegation June 23, 2011 7.10.6 7.21.6 CVE-2011-2192
12 local file overwrite October 13, 2010 7.20.0 7.21.1 CVE-2010-3842
11 data callback excessive length February 09, 2010 7.10.5 7.19.7 CVE-2010-0734
10 embedded zero in cert name August 12, 2009 7.4 7.19.5 CVE-2009-2417
9 Arbitrary File Access March 03, 2009 6.0 7.19.3 CVE-2009-0037
8 GnuTLS insufficient cert verification July 10, 2007 7.14.0 7.16.3 CVE-2007-3564
7 TFTP Packet Buffer Overflow March 20, 2006 7.15.0 7.15.2 CVE-2006-1061
6 URL Buffer Overflow December 07, 2005 7.11.2 7.15.0 CVE-2005-4077
5 NTLM Buffer Overflow October 13, 2005 7.10.6 7.14.1 CVE-2005-3185
4 Kerberos Authentication Buffer Overflow February 21, 2005 7.3 7.13.0 CVE-2005-0490
3 NTLM Authentication Buffer Overflow February 21, 2005 7.10.6 7.13.0 CVE-2005-0490
2 Proxy Authentication Header Information Leakage August 03, 2003 7.1 7.10.6 [missing]
1 FTP Server Response Buffer Overflow October 13, 2000 6.0 7.4 CVE-2000-0973