curl 7.7

Status EOLSupport 2001-03 – 2001-06Latest 7.7.0Vulnerabilities 34← All curl versions
Critical 9.8 Unfixed
2018-03-12≤ 7.7.3

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

CVE
Critical 9.8
2020-02-21≤ 7.7.3

CVE
Critical 9.8
2018-01-24≤ 7.7.3

curl: HTTP authentication leak in redirects

CVE
Critical 9.8
2022-12-05≥ 7.7.0

curl: POST following PUT confusion

CVE
Critical 9.8
2023-03-30≥ 7.7.0

curl: TELNET option IAC injection

CVE
High 8.8
2005-02-21≤ 7.7.3

security flaw

CVE
High 7.5
2018-08-23≤ 7.7.3

CVE
Medium 6.8
2009-03-05≤ 7.7.3

curl: local file access via unsafe redirects

CVE
Medium 6.8
2013-07-31≥ 7.7.0

curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

CVE
Medium 6.5 Unfixed
2026-03-11≤ 7.7.3

wrong proxy connection reuse with credentials

CVE
Medium 6.5
2022-06-01≤ 7.7.3

curl: auth/cookie leak on redirect

CVE
Medium 5.9
2018-04-23≤ 7.7.3

curl: printf floating point buffer overflow

CVE
Medium 5.7
2022-06-01≤ 7.7.3

curl: credential leak on redirect

CVE
Medium 5.3
2016-01-29≤ 7.7.3

CVE
Medium 5.3
2018-07-31≤ 7.7.3

curl: Invalid URL parsing with '#'

CVE
Medium 5.3
2018-08-01≤ 7.7.3

curl: Double-free in krb5 code

CVE
Medium 5.3
2018-07-31≤ 7.7.3

curl: Double-free in curl_maprintf

CVE
Medium 5.3
2018-08-01≤ 7.7.3

curl: Cookie injection for other servers

CVE
Medium 5.3
2021-08-05≥ 7.7.0

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

CVE
Medium 5.3
2023-05-26≥ 7.7.0

curl: more POST-after-PUT confusion

CVE
Medium 5.0
2013-04-29≤ 7.7.3

curl: Cookie domain suffix match vulnerability

CVE
Medium 5.0
2014-11-18≤ 7.7.3

curl: incorrect handling of IP addresses in cookie domain

CVE
Medium 5.0
2015-05-01≤ 7.7.3

curl: sensitive HTTP server headers also sent to proxies

CVE
Low 3.7
2018-08-01≥ 7.7.0

curl: Case insensitive password comparison

CVE
Low 3.7
2020-12-14≤ 7.7.3

curl: FTP PASV command response can cause curl to connect to arbitrary host

CVE
Low 3.7
2022-09-23≤ 7.7.3

curl: Incorrect handling of control code characters in cookies

CVE
Low 3.1
2021-06-11≥ 7.7.0

curl: TELNET stack contents disclosure

CVE
Low 2.4
2017-04-03≤ 7.7.3

curl: --write-out out of bounds read

CVE
N/A
2009-08-14≤ 7.7.3

CVE
N/A
2015-01-15≤ 7.7.3

CVE
N/A
2016-08-10≥ 7.7.0

CVE
N/A
2016-08-10≤ 7.7.3

CVE
N/A
2017-10-06≥ 7.7.0

CVE
N/A
2021-04-01≤ 7.7.3

CVE