Vulnerabilities (CVE)

Filtered by vendor Haxx Subscribe
Total 149 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22901 5 Haxx, Netapp, Oracle and 2 more 34 Curl, Active Iq Unified Manager, Cloud Backup and 31 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
CVE-2021-22898 6 Debian, Fedoraproject, Haxx and 3 more 12 Debian Linux, Fedora, Curl and 9 more 2024-11-21 2.6 LOW 3.1 LOW
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
CVE-2021-22897 5 Haxx, Netapp, Oracle and 2 more 30 Curl, Cloud Backup, H300e and 27 more 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
CVE-2020-8286 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Macos, Debian Linux and 17 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2020-8285 9 Apple, Debian, Fedoraproject and 6 more 30 Mac Os X, Macos, Debian Linux and 27 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 9 Apple, Debian, Fedoraproject and 6 more 29 Mac Os X, Macos, Debian Linux and 26 more 2024-11-21 4.3 MEDIUM 3.7 LOW
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-8231 5 Debian, Haxx, Oracle and 2 more 5 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-8177 5 Debian, Fujitsu, Haxx and 2 more 16 Debian Linux, M10-1, M10-1 Firmware and 13 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2020-8169 4 Debian, Haxx, Siemens and 1 more 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVE-2020-19909 1 Haxx 1 Curl 2024-11-21 N/A 3.3 LOW
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.
CVE-2019-5482 6 Debian, Fedoraproject, Haxx and 3 more 17 Debian Linux, Fedora, Curl and 14 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-5481 6 Debian, Fedoraproject, Haxx and 3 more 13 Debian Linux, Fedora, Curl and 10 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5443 4 Haxx, Microsoft, Netapp and 1 more 10 Curl, Windows, Oncommand Insight and 7 more 2024-11-21 4.4 MEDIUM 7.8 HIGH
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
CVE-2019-5436 7 Debian, F5, Fedoraproject and 4 more 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2019-5435 1 Haxx 1 Curl 2024-11-21 4.3 MEDIUM 3.7 LOW
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
CVE-2019-3823 5 Canonical, Debian, Haxx and 2 more 7 Ubuntu Linux, Debian Linux, Libcurl and 4 more 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
CVE-2019-3822 7 Canonical, Debian, Haxx and 4 more 16 Ubuntu Linux, Debian Linux, Libcurl and 13 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
CVE-2018-16890 8 Canonical, Debian, F5 and 5 more 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
CVE-2018-16842 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Curl 2024-11-21 6.4 MEDIUM 4.4 MEDIUM
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVE-2018-16839 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Curl 2024-11-21 7.5 HIGH 4.3 MEDIUM
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.