Vulnerabilities > Haxx > Curl > 4.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-02 | CVE-2022-27781 | Infinite Loop vulnerability in multiple products libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. | 7.5 |
2022-06-02 | CVE-2022-27782 | Improper Certificate Validation vulnerability in multiple products libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. | 7.5 |
2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 3.7 |
2018-08-01 | CVE-2016-8625 | Improper Input Validation vulnerability in Haxx Curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | 7.5 |
2018-08-01 | CVE-2016-8623 | Use After Free vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. | 7.5 |
2018-08-01 | CVE-2016-8620 | Integer Overflow or Wraparound vulnerability in Haxx Curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | 9.8 |
2018-08-01 | CVE-2016-8619 | Double Free vulnerability in Haxx Curl The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | 9.8 |
2018-08-01 | CVE-2016-8616 | Credentials Management vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. | 5.9 |
2018-08-01 | CVE-2016-8615 | Resource Injection vulnerability in Haxx Curl A flaw was found in curl before version 7.51. | 7.5 |
2018-07-31 | CVE-2016-8621 | Out-of-bounds Read vulnerability in Haxx Curl The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | 7.5 |