CVSS: 7.5EPSS: 0%CPEs: 162EXPL: 0CVE-2025-0725 – gzip integer overflow
https://notcve.org/view.php?id=CVE-2025-0725
05 Feb 2025 — When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overfl... • https://curl.se/docs/CVE-2025-0725.html •
CVSS: 4.9EPSS: 0%CPEs: 197EXPL: 0CVE-2024-11053 – netrc and redirect credential leak
https://notcve.org/view.php?id=CVE-2024-11053
11 Dec 2024 — When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host... • https://curl.se/docs/CVE-2024-11053.html •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2024-7264 – ASN.1 date parser overread
https://notcve.org/view.php?id=CVE-2024-7264
31 Jul 2024 — libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO... • https://curl.se/docs/CVE-2024-7264.html • CWE-125: Out-of-bounds Read •
CVSS: 3.7EPSS: 0%CPEs: 16EXPL: 1CVE-2023-28322 – curl: more POST-after-PUT confusion
https://notcve.org/view.php?id=CVE-2023-28322
26 May 2023 — An information disclosure vulnerability exists in curl
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28320 – Apple Security Advisory 2023-07-24-6
https://notcve.org/view.php?id=CVE-2023-28320
26 May 2023 — A denial of service vulnerability exists in curl
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28319 – curl: use after free in SSH sha256 fingerprint check
https://notcve.org/view.php?id=CVE-2023-28319
26 May 2023 — A use after free vulnerability exists in curl
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1CVE-2023-28321 – curl: IDN wildcard match may lead to Improper Cerificate Validation
https://notcve.org/view.php?id=CVE-2023-28321
26 May 2023 — An improper certificate validation vulnerability exists in curl
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 1CVE-2023-27534 – curl: SFTP path ~ resolving discrepancy
https://notcve.org/view.php?id=CVE-2023-27534
21 Mar 2023 — A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Harry Sintonen discovered that curl incorrectly handled certain TELN... • https://hackerone.com/reports/1892351 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 1CVE-2023-27533 – curl: TELNET option IAC injection
https://notcve.org/view.php?id=CVE-2023-27533
21 Mar 2023 — A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Harry Sintonen discov... • https://hackerone.com/reports/1891474 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2022-43552 – curl: Use-after-free triggered by an HTTP proxy deny response
https://notcve.org/view.php?id=CVE-2022-43552
06 Jan 2023 — A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. A vulnerability was found in curl. • http://seclists.org/fulldisclosure/2023/Mar/17 • CWE-416: Use After Free •