Vulnerabilities > Haxx
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-31 | CVE-2016-8621 | Out-of-bounds Read vulnerability in Haxx Curl The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | 7.5 |
| 2018-07-31 | CVE-2016-8617 | Out-of-bounds Write vulnerability in Haxx Curl The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | 7.0 |
| 2018-07-31 | CVE-2016-8624 | Improper Input Validation vulnerability in Haxx Curl curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. | 7.5 |
| 2018-07-31 | CVE-2016-8622 | Out-of-bounds Write vulnerability in Haxx Libcurl The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. | 9.8 |
| 2018-07-31 | CVE-2016-8618 | Double Free vulnerability in Haxx Curl The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | 9.8 |
| 2018-07-27 | CVE-2017-2629 | Improper Certificate Validation vulnerability in Haxx Curl curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. | 4.0 |
| 2018-07-16 | CVE-2017-7468 | Improper Certificate Validation vulnerability in Haxx Libcurl In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. | 5.0 |
| 2018-07-11 | CVE-2018-0500 | Out-of-bounds Write vulnerability in multiple products Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). | 7.5 |
| 2018-05-24 | CVE-2018-1000301 | Out-of-bounds Read vulnerability in multiple products curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. | 6.4 |
| 2018-05-24 | CVE-2018-1000300 | Out-of-bounds Write vulnerability in multiple products curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. | 7.5 |