Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2022-43552 Use After Free vulnerability in multiple products
A use after free vulnerability exists in curl <7.87.0.
network
high complexity
haxx apple splunk CWE-416
5.9
2022-12-23 CVE-2022-43551 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
network
low complexity
haxx fedoraproject netapp splunk CWE-319
7.5
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
9.8
2022-12-05 CVE-2022-35260 Out-of-bounds Write vulnerability in multiple products
curl can be told to parse a `.netrc` file for credentials.
network
low complexity
haxx netapp apple splunk CWE-787
6.5
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
high complexity
haxx fedoraproject netapp apple splunk CWE-415
8.1
2022-10-29 CVE-2022-42916 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
network
low complexity
haxx fedoraproject apple splunk CWE-319
7.5
2022-09-23 CVE-2022-35252 When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses.
network
high complexity
haxx netapp apple debian splunk
3.7
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8