Vulnerabilities > Haxx > Libcurl > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |
| 2021-09-23 | CVE-2021-22945 | Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | 9.1 |
| 2019-02-06 | CVE-2019-3822 | Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2018-09-05 | CVE-2018-14618 | Integer Overflow or Wraparound vulnerability in multiple products curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. | 9.8 |
| 2018-07-31 | CVE-2016-8622 | Out-of-bounds Write vulnerability in Haxx Libcurl The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. | 9.8 |
| 2018-01-24 | CVE-2018-1000005 | Out-of-bounds Read vulnerability in multiple products libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. | 9.1 |
| 2017-11-29 | CVE-2017-8816 | Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 9.8 |
| 2017-11-29 | CVE-2017-8817 | Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 9.8 |
| 2017-11-29 | CVE-2017-8818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl and Libcurl curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | 9.8 |
| 2017-10-31 | CVE-2017-1000257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An IMAP FETCH response line indicates the size of the returned data, in number of bytes. | 9.1 |