curl 7.9

Status EOLSupport 2001-09 – 2002-10Latest 7.9.0Vulnerabilities 37← All curl versions
Critical 9.8 Unfixed
2018-03-12≤ 7.9.8

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

CVE
Critical 9.8
2020-02-21≤ 7.9.8

CVE
Critical 9.8
2018-01-24≤ 7.9.8

curl: HTTP authentication leak in redirects

CVE
Critical 9.8
2022-12-05≤ 7.9.8

curl: POST following PUT confusion

CVE
Critical 9.8
2023-03-30≤ 7.9.8

curl: TELNET option IAC injection

CVE
High 8.8
2005-02-21≤ 7.9.8

security flaw

CVE
High 7.5
2018-08-23≤ 7.9.8

CVE
Medium 6.8
2009-03-05≤ 7.9.8

curl: local file access via unsafe redirects

CVE
Medium 6.8
2013-07-31≤ 7.9.8

curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

CVE
Medium 6.5 Unfixed
2026-03-11≤ 7.9.8

wrong proxy connection reuse with credentials

CVE
Medium 6.5
2022-06-01≤ 7.9.8

curl: auth/cookie leak on redirect

CVE
Medium 5.9
2018-04-23≤ 7.9.8

curl: printf floating point buffer overflow

CVE
Medium 5.9
2023-05-26≥ 7.9.8

curl: siglongjmp race condition may lead to crash

CVE
Medium 5.7
2022-06-01≤ 7.9.8

curl: credential leak on redirect

CVE
Medium 5.3
2016-01-29≤ 7.9.8

CVE
Medium 5.3
2018-07-31≤ 7.9.8

curl: Invalid URL parsing with '#'

CVE
Medium 5.3
2018-08-01≤ 7.9.8

curl: Double-free in krb5 code

CVE
Medium 5.3
2018-07-31≤ 7.9.8

curl: Double-free in curl_maprintf

CVE
Medium 5.3
2018-08-01≤ 7.9.8

curl: Cookie injection for other servers

CVE
Medium 5.3
2021-08-05≤ 7.9.8

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

CVE
Medium 5.3
2023-05-26≤ 7.9.8

curl: more POST-after-PUT confusion

CVE
Medium 5.0
2013-04-29≤ 7.9.8

curl: Cookie domain suffix match vulnerability

CVE
Medium 5.0
2014-11-18≤ 7.9.8

curl: incorrect handling of IP addresses in cookie domain

CVE
Medium 5.0
2015-05-01≤ 7.9.8

curl: sensitive HTTP server headers also sent to proxies

CVE
Low 3.7
2018-08-01≤ 7.9.8

curl: Case insensitive password comparison

CVE
Low 3.7
2020-12-14≤ 7.9.8

curl: FTP PASV command response can cause curl to connect to arbitrary host

CVE
Low 3.7
2022-09-23≤ 7.9.8

curl: Incorrect handling of control code characters in cookies

CVE
Low 3.3
2018-07-31≤ 7.9.8

curl: Out-of-bounds write via unchecked multiplication

CVE
Low 3.1
2021-06-11≤ 7.9.8

curl: TELNET stack contents disclosure

CVE
Low 2.4
2017-04-03≤ 7.9.8

curl: --write-out out of bounds read

CVE
N/A
2009-08-14≤ 7.9.8

CVE
N/A
2015-01-15≤ 7.9.8

CVE
N/A
2016-08-10≤ 7.9.8

CVE
N/A
2016-08-10≤ 7.9.8

CVE
N/A
2017-10-06≤ 7.9.8

CVE
N/A
2021-04-01≤ 7.9.8

CVE
N/A
2023-10-18≥ 7.9.1

CVE