Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2022-12-23 CVE-2022-43551 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
network
low complexity
haxx fedoraproject CWE-319
7.5
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in Haxx Curl
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx CWE-668
critical
9.8
2022-12-05 CVE-2022-35260 Out-of-bounds Write vulnerability in Haxx Curl 7.84.0/7.85.0
curl can be told to parse a `.netrc` file for credentials.
network
low complexity
haxx CWE-787
6.5
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
low complexity
haxx fedoraproject netapp CWE-415
critical
9.8
2022-10-29 CVE-2022-42916 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
network
low complexity
haxx fedoraproject CWE-319
7.5
2022-09-23 CVE-2022-35252 When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses.
network
high complexity
haxx netapp
3.7
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
network
low complexity
haxx fedoraproject debian netapp apple CWE-770
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
network
low complexity
haxx fedoraproject debian netapp CWE-770
6.5
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple CWE-276
critical
9.8
2022-07-07 CVE-2022-32208 Out-of-bounds Write vulnerability in multiple products
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
network
high complexity
haxx fedoraproject debian netapp apple CWE-787
5.9