Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:haxx:libcurl:6.3:*:*:*:*:*:*:*
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

Published: September 05, 2018; 3:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

Published: July 31, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Published: October 07, 2016; 10:59:08 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH

curl and libcurl before 7.50.2, when built with NSS and the library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Published: October 03, 2016; 5:59:08 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

Published: August 10, 2016; 10:59:06 AM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Published: August 10, 2016; 10:59:05 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Published: August 10, 2016; 10:59:03 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Published: May 01, 2015; 11:59:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Published: January 15, 2015; 10:59:06 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Published: November 18, 2014; 10:59:01 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at setting cookies for a site at

Published: November 18, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Published: April 29, 2013; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM