curl 7.6 — Vulnerabilities

Critical 9.8 Unfixed

2018-03-12≤ 7.6.1

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

CVE

Critical 9.8

2020-02-21≤ 7.6.1

CVE

Critical 9.8

2018-01-24≤ 7.6.1

curl: HTTP authentication leak in redirects

CVE

High 8.8

2005-02-21≤ 7.6.1

security flaw

CVE

High 7.5

2018-08-23≤ 7.6.1

CVE

Medium 6.8

2009-03-05≤ 7.6.1

curl: local file access via unsafe redirects

CVE

Medium 6.5

2022-06-01≤ 7.6.1

curl: auth/cookie leak on redirect

CVE

Medium 5.9

2018-04-23≤ 7.6.1

curl: printf floating point buffer overflow

CVE

Medium 5.7

2022-06-01≤ 7.6.1

curl: credential leak on redirect

CVE

Medium 5.3

2016-01-29≤ 7.6.1

CVE

Medium 5.3

2018-07-31≤ 7.6.1

curl: Invalid URL parsing with '#'

CVE

Medium 5.3

2018-08-01≤ 7.6.1

curl: Double-free in krb5 code

CVE

Medium 5.3

2018-07-31≤ 7.6.1

curl: Double-free in curl_maprintf

CVE

Medium 5.3

2018-08-01≤ 7.6.1

curl: Cookie injection for other servers

CVE

Medium 5.0

2013-04-29≤ 7.6.1

curl: Cookie domain suffix match vulnerability

CVE

Medium 5.0

2014-11-18≤ 7.6.1

curl: incorrect handling of IP addresses in cookie domain

CVE

Medium 5.0

2015-05-01≤ 7.6.1

curl: sensitive HTTP server headers also sent to proxies

CVE

Low 3.7

2020-12-14≤ 7.6.1

curl: FTP PASV command response can cause curl to connect to arbitrary host

CVE

Low 3.7

2022-09-23≤ 7.6.1

curl: Incorrect handling of control code characters in cookies

CVE

Low 2.4

2017-04-03≤ 7.6.1

curl: --write-out out of bounds read

CVE

N/A

2009-08-14≤ 7.6.1

CVE

N/A

2015-01-15≤ 7.6.1

CVE

N/A

2016-08-10≤ 7.6.1

CVE

N/A

2021-04-01≤ 7.6.1

CVE