Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2019-05-28 CVE-2019-5435 Integer Overflow or Wraparound vulnerability in Haxx Curl
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
network
high complexity
haxx CWE-190
3.7
3.7
2019-02-06 CVE-2019-3823 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
network
low complexity
haxx canonical debian netapp oracle
7.5
7.5
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
 9.8
9.8
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. 		7.5
7.5
2018-10-31 CVE-2018-16842 Out-of-bounds Read vulnerability in multiple products
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
network
low complexity
haxx canonical debian CWE-125
critical
 9.1
9.1
2018-10-31 CVE-2018-16840 Use After Free vulnerability in multiple products
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.
network
low complexity
haxx canonical CWE-416
critical
 9.8
9.8
2018-10-31 CVE-2018-16839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
network
low complexity
haxx debian canonical CWE-119
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 9.8
9.8
2018-08-23 CVE-2003-1605 Credentials Management vulnerability in Haxx Curl
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
network
low complexity
haxx CWE-255
7.5
7.5
2018-08-01 CVE-2016-8625 Unspecified vulnerability in Haxx Curl
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
network
low complexity
haxx
7.5
7.5