curl 7.55

curl: NTLM buffer overflow via integer overflow

curl: FTP wildcard out of bounds read

curl: HTTP authentication leak in redirects

curl: FTP path trickery leads to NIL byte out of bounds write

curl: FTP shutdown response heap-based buffer overflow can potentially lead to RCE

curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP

curl: NTLMv2 type-3 header stack buffer overflow

curl: heap buffer overflow in function tftp_receive_packet()

curl: double free due to subsequent call of realloc()

curl: POST following PUT confusion

curl: TELNET option IAC injection

curl: RTSP RTP buffer over-read

curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

curl: SFTP path ~ resolving discrepancy

HTTP/2 push headers memory-leak

curl: OAUTH2 bearer bypass in connection re-use

curl: TFTP receive heap buffer overflow in tftp_receive_packet() function

curl: Windows OpenSSL engine code injection

curl: Incorrect argument check can allow remote servers to overwrite local files

curl: LDAP NULL pointer dereference

curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

curl: CERTINFO never-ending busy-loop

curl: TLS and SSH connection too eager reuse

gzip integer overflow

wrong proxy connection reuse with credentials

bad reuse of HTTP Negotiate connection

curl: Content not matching hash in Metalink is not being discarded

curl: auth/cookie leak on redirect

curl: information disclosure by exploiting a mixed case flaw

OCSP stapling bypass with GnuTLS

broken TLS options for threaded LDAPS

curl: Server responses received before STARTTLS processed after TLS handshake

curl: FTP-KRB bad message verification

curl: Use-after-free triggered by an HTTP proxy deny response

curl: siglongjmp race condition may lead to crash

curl: IDN wildcard match may lead to Improper Cerificate Validation

curl: credential leak on redirect

curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

curl: curl: Information disclosure due to incorrect TLS connection reuse

token leak with redirect and netrc

bearer token leak on cross-protocol redirect

curl: Metalink download sends credentials

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

curl: more POST-after-PUT confusion

curl: Heap-based buffer over-read in the curl tool warning formatting

curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()

curl: FTP PASV command response can cause curl to connect to arbitrary host

curl: Bad connection reuse due to flawed path name checks

curl: Incorrect handling of control code characters in cookies

curl: TELNET stack contents disclosure