Vulnerabilities > Haxx > Curl > Low

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-19909 Integer Overflow or Wraparound vulnerability in Haxx Curl 7.65.2
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay.
local
low complexity
haxx CWE-190
3.3
2023-05-26 CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
high complexity
haxx fedoraproject apple netapp
3.7
2022-09-23 CVE-2022-35252 When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses.
network
high complexity
haxx netapp apple debian splunk
3.7
2021-06-11 CVE-2021-22898 Missing Initialization of Resource vulnerability in multiple products
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers.
3.1
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
3.7
2019-05-28 CVE-2019-5435 Integer Overflow or Wraparound vulnerability in Haxx Curl
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
network
high complexity
haxx CWE-190
3.7
2017-04-03 CVE-2017-7407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl 7.53.1
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
local
low complexity
haxx CWE-119
2.1