Vulnerabilities > Haxx > Curl > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-9681 | Incorrect Comparison vulnerability in Haxx Curl When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. | 6.5 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | 5.3 |
| 2023-12-12 | CVE-2023-46219 | Missing Encryption of Sensitive Data vulnerability in multiple products When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | 5.3 |
| 2023-12-07 | CVE-2023-46218 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. | 6.5 |
| 2023-05-26 | CVE-2023-28320 | Resource Exhaustion vulnerability in multiple products A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. | 5.9 |
| 2023-05-26 | CVE-2023-28321 | Improper Certificate Validation vulnerability in multiple products An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. | 5.9 |
| 2023-02-23 | CVE-2023-23915 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
| 2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 6.5 |
| 2023-02-09 | CVE-2022-43552 | Use After Free vulnerability in multiple products A use after free vulnerability exists in curl <7.87.0. | 5.9 |
| 2022-12-05 | CVE-2022-35260 | Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. | 6.5 |