Haxx Libcurl
36 CVEs affecting Haxx Libcurl. Latest disclosed: 2023-10-18. Critical: 6, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-38545 | Critical | 9.8 | 2023-10-18 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow t… |
| CVE-2017-8818 | Critical | 9.8 | 2017-11-29 | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have u… |
| CVE-2017-8817 | Critical | 9.8 | 2017-11-29 | The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or… |
| CVE-2017-8816 | Critical | 9.8 | 2017-11-29 | The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resul… |
| CVE-2016-7167 | Critical | 9.8 | 2016-10-07 | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow… |
| CVE-2017-1000257 | Critical | 9.1 | 2017-10-31 | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on… |
| CVE-2016-5421 | High | 8.1 | 2016-08-10 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknow… |
| CVE-2017-1000254 | High | 7.5 | 2017-10-06 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks… |
| CVE-2016-7141 | High | 7.5 | 2016-10-03 | curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication o… |
| CVE-2016-5420 | High | 7.5 | 2016-08-10 | curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the… |
| CVE-2016-5419 | High | 7.5 | 2016-08-10 | curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended… |
| CVE-2017-1000100 | Medium | 6.5 | 2017-10-05 | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit… |
| CVE-2017-1000099 | Medium | 6.5 | 2017-10-05 | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this wou… |
| CVE-2023-38546 | Low | 3.7 | 2023-10-18 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs tr… |
| CVE-2015-3237 | | | 2015-06-22 | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denia… |
| CVE-2015-3236 | | | 2015-06-22 | cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connecti… |
| CVE-2015-3153 | | | 2015-05-01 | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy… |
| CVE-2015-3148 | | | 2015-04-24 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via… |
| CVE-2015-3145 | | | 2015-04-24 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a deni… |
| CVE-2015-3144 | | | 2015-04-24 | The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of se… |