
Vulnerabilities in curl 7.23.0

curl version 7.23.0 was released on November 15, 2011.

It has the following 73 published security problems.

| Flaw | From version | To and including |
|---|---|---|
| gzip integer overflow | 7.10.5 | 8.11.1 |
| cookie injection with none file | 7.9.1 | 8.3.0 |
| more POST-after-PUT confusion | 7.7 | 8.0.1 |
| IDN wildcard match | 7.12.0 | 8.0.1 |
| siglongjmp race condition | 7.9.8 | 8.0.1 |
| SSH connection too eager reuse still | 7.16.1 | 7.88.1 |
| GSS delegation too eager connection reuse | 7.22.0 | 7.88.1 |
| FTP too eager connection reuse | 7.13.0 | 7.88.1 |
| SFTP path ~ resolving discrepancy | 7.18.0 | 7.88.1 |
| TELNET option IAC injection | 7.7 | 7.88.1 |
| HTTP Proxy deny use after free | 7.16.0 | 7.86.0 |
| POST following PUT confusion | 7.7 | 7.85.0 |
| control code in cookie denial of service | 4.9 | 7.84.0 |
| FTP-KRB bad message verification | 7.16.4 | 7.83.1 |
| TLS and SSH connection too eager reuse | 7.16.1 | 7.83.0 |
| Auth/cookie leak on redirect | 4.9 | 7.82.0 |
| Credential leak on redirect | 4.9 | 7.82.0 |
| STARTTLS protocol injection via MITM | 7.20.0 | 7.78.0 |
| Protocol downgrade required TLS bypassed | 7.20.0 | 7.78.0 |
| TELNET stack contents disclosure again | 7.7 | 7.77.0 |
| Bad connection reuse due to flawed path name checks | 7.10.4 | 7.77.0 |
| TELNET stack contents disclosure | 7.7 | 7.76.1 |
| Automatic referer leaks credentials | 7.1.1 | 7.75.0 |
| FTP wildcard stack overflow | 7.21.0 | 7.73.0 |
| trusting FTP PASV responses | 4.0 | 7.73.0 |
| curl overwrite local file with -J | 7.20.0 | 7.70.0 |
| TFTP small blocksize heap buffer overflow | 7.19.4 | 7.65.3 |
| TFTP receive buffer overflow | 7.19.4 | 7.64.1 |
| warning message out-of-buffer read | 7.14.1 | 7.61.1 |
| NTLM password overflow via integer overflow | 7.15.4 | 7.61.0 |
| RTSP bad headers buffer over-read | 7.20.0 | 7.59.0 |
| RTSP RTP buffer over-read | 7.20.0 | 7.58.0 |
| LDAP NULL pointer dereference | 7.21.0 | 7.58.0 |
| FTP path trickery leads to NIL byte out of bounds write | 7.12.3 | 7.58.0 |
| HTTP authentication leak in redirects | 6.0 | 7.57.0 |
| FTP wildcard out of bounds read | 7.21.0 | 7.56.1 |
| IMAP FETCH response out of bounds read | 7.20.0 | 7.56.0 |
| FTP PWD response parser out of bounds read | 7.7 | 7.55.1 |
| TFTP sends more than buffer size | 7.15.0 | 7.54.1 |
| --write-out out of buffer read | 6.5 | 7.53.1 |
| printf floating point buffer overflow | 5.4 | 7.51.0 |
| cookie injection for other servers | 4.9 | 7.50.3 |
| case insensitive password comparison | 7.7 | 7.50.3 |
| OOB write via unchecked multiplication | 7.8.1 | 7.50.3 |
| double free in curl_maprintf | 5.4 | 7.50.3 |
| double free in krb5 code | 7.3 | 7.50.3 |
| curl_getdate read out of bounds | 7.12.2 | 7.50.3 |
| Use after free via shared cookies | 7.10.7 | 7.50.3 |
| invalid URL parsing with '#' | 6.0 | 7.50.3 |
| IDNA 2003 makes curl use wrong host | 7.12.0 | 7.50.3 |
| curl escape and unescape integer overflows | 7.11.1 | 7.50.2 |
| Incorrect reuse of client certificates | 7.19.6 | 7.50.1 |
| TLS session resumption client cert bypass | 5.0 | 7.50.0 |
| Reusing connections with wrong client cert | 7.7 | 7.50.0 |
| Windows DLL hijacking | 7.11.1 | 7.49.0 |
| TLS certificate check bypass with mbedTLS/PolarSSL | 7.21.0 | 7.48.0 |
| remote filename path traversal in curl tool for Windows | 4.0 | 7.46.0 |
| NTLM credentials not-checked for proxy connection reuse | 7.10.7 | 7.46.0 |
| sensitive HTTP server headers also sent to proxies | 4.0 | 7.42.0 |
| Negotiate not treated as connection-oriented | 7.10.6 | 7.41.0 |
| Reusing authenticated connection when unauthenticated | 7.10.6 | 7.41.0 |
| URL request injection | 6.0 | 7.39.0 |
| duphandle read out of bounds | 7.17.1 | 7.38.0 |
| cookie leak with IP address as domain | 4.0 | 7.37.1 |
| IP address wildcard certificate validation | 7.10.3 | 7.35.0 |
| wrong reuse of connections | 7.10.6 | 7.35.0 |
| reuse of wrong HTTP NTLM connection | 7.10.6 | 7.34.0 |
| cert name check ignore with GnuTLS | 7.21.4 | 7.33.0 |
| cert name check ignore OpenSSL | 7.18.0 | 7.32.0 |
| URL decode buffer boundary flaw | 7.7 | 7.30.0 |
| cookie domain tailmatch | 4.7 | 7.29.0 |
| SSL CBC IV vulnerability | 7.10.6 | 7.23.1 |
| URL sanitization vulnerability | 7.20.0 | 7.23.1 |

Further details

CVE data for 7.23.0 provided as JSON.

Changelog for curl 7.23.0

See vulnerability summary for the previous release: 7.22.0 or the subsequent release: 7.23.1
