CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Max CVSS
4.3
EPSS Score
0.54%
Published
2015-01-15
Updated
2018-01-05
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Max CVSS
5.8
EPSS Score
0.15%
Published
2015-01-15
Updated
2017-07-01
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Max CVSS
7.3
EPSS Score
1.70%
Published
2016-01-29
Updated
2018-10-17
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Max CVSS
5.3
EPSS Score
0.75%
Published
2016-05-20
Updated
2018-10-17
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Max CVSS
7.5
EPSS Score
0.36%
Published
2016-08-10
Updated
2018-11-13
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Max CVSS
7.5
EPSS Score
0.50%
Published
2016-08-10
Updated
2018-11-13
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.1
EPSS Score
0.73%
Published
2016-08-10
Updated
2020-05-08
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
Max CVSS
7.5
EPSS Score
0.36%
Published
2016-10-03
Updated
2018-11-13
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
2.08%
Published
2016-10-07
Updated
2018-11-13
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Max CVSS
7.5
EPSS Score
0.57%
Published
2018-08-01
Updated
2021-06-29
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
Max CVSS
5.9
EPSS Score
0.56%
Published
2018-08-01
Updated
2019-10-09
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
Max CVSS
7.0
EPSS Score
0.06%
Published
2018-07-31
Updated
2021-06-29
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
Max CVSS
9.8
EPSS Score
1.31%
Published
2018-07-31
Updated
2018-11-13
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
Max CVSS
9.8
EPSS Score
1.28%
Published
2018-08-01
Updated
2019-10-09
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
Max CVSS
9.8
EPSS Score
0.72%
Published
2018-08-01
Updated
2019-10-09
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
Max CVSS
7.5
EPSS Score
0.37%
Published
2018-07-31
Updated
2018-11-13
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
Max CVSS
9.8
EPSS Score
1.27%
Published
2018-07-31
Updated
2018-11-13
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
Max CVSS
7.5
EPSS Score
0.47%
Published
2018-08-01
Updated
2021-06-29
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
Max CVSS
7.5
EPSS Score
0.66%
Published
2018-07-31
Updated
2021-06-29
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
Max CVSS
7.5
EPSS Score
0.57%
Published
2018-08-01
Updated
2021-06-29
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!