
Vulnerabilities in curl 7.42.0


curl version 7.42.0 was released on April 22, 2015.

It has the following 82 published security problems.

| Flaw | From version | To and including |
|---|---|---|
| Out of bounds read for cookie path | 7.31.0 | 8.15.0 |
| gzip integer overflow | 7.10.5 | 8.11.1 |
| OCSP stapling bypass with GnuTLS | 7.41.0 | 8.9.1 |
| ASN.1 date parser overread | 7.32.0 | 8.9.0 |
| cookie injection with none file | 7.9.1 | 8.3.0 |
| more POST-after-PUT confusion | 7.7 | 8.0.1 |
| IDN wildcard match | 7.12.0 | 8.0.1 |
| siglongjmp race condition | 7.9.8 | 8.0.1 |
| SSH connection too eager reuse still | 7.16.1 | 7.88.1 |
| GSS delegation too eager connection reuse | 7.22.0 | 7.88.1 |
| FTP too eager connection reuse | 7.13.0 | 7.88.1 |
| SFTP path ~ resolving discrepancy | 7.18.0 | 7.88.1 |
| TELNET option IAC injection | 7.7 | 7.88.1 |
| HTTP Proxy deny use after free | 7.16.0 | 7.86.0 |
| POST following PUT confusion | 7.7 | 7.85.0 |
| control code in cookie denial of service | 4.9 | 7.84.0 |
| FTP-KRB bad message verification | 7.16.4 | 7.83.1 |
| TLS and SSH connection too eager reuse | 7.16.1 | 7.83.0 |
| CERTINFO never-ending busy-loop | 7.34.0 | 7.83.0 |
| Auth/cookie leak on redirect | 4.9 | 7.82.0 |
| Credential leak on redirect | 4.9 | 7.82.0 |
| OAUTH2 bearer bypass in connection reuse | 7.33.0 | 7.82.0 |
| STARTTLS protocol injection via MITM | 7.20.0 | 7.78.0 |
| Protocol downgrade required TLS bypassed | 7.20.0 | 7.78.0 |
| CURLOPT_SSLCERT mix-up with Secure Transport | 7.33.0 | 7.77.0 |
| TELNET stack contents disclosure again | 7.7 | 7.77.0 |
| Bad connection reuse due to flawed path name checks | 7.10.4 | 7.77.0 |
| Metalink download sends credentials | 7.27.0 | 7.77.0 |
| Wrong content via Metalink not discarded | 7.27.0 | 7.77.0 |
| TELNET stack contents disclosure | 7.7 | 7.76.1 |
| Automatic referer leaks credentials | 7.1.1 | 7.75.0 |
| Inferior OCSP verification | 7.41.0 | 7.73.0 |
| FTP wildcard stack overflow | 7.21.0 | 7.73.0 |
| trusting FTP PASV responses | 4.0 | 7.73.0 |
| wrong connect-only connection | 7.29.0 | 7.71.1 |
| curl overwrite local file with -J | 7.20.0 | 7.70.0 |
| TFTP small blocksize heap buffer overflow | 7.19.4 | 7.65.3 |
| TFTP receive buffer overflow | 7.19.4 | 7.64.1 |
| NTLM type-2 out-of-bounds buffer read | 7.36.0 | 7.63.0 |
| NTLMv2 type-3 header stack buffer overflow | 7.36.0 | 7.63.0 |
| SMTP end-of-response out-of-bounds read | 7.34.0 | 7.63.0 |
| warning message out-of-buffer read | 7.14.1 | 7.61.1 |
| SASL password overflow via integer overflow | 7.33.0 | 7.61.1 |
| NTLM password overflow via integer overflow | 7.15.4 | 7.61.0 |
| RTSP bad headers buffer over-read | 7.20.0 | 7.59.0 |
| RTSP RTP buffer over-read | 7.20.0 | 7.58.0 |
| LDAP NULL pointer dereference | 7.21.0 | 7.58.0 |
| FTP path trickery leads to NIL byte out of bounds write | 7.12.3 | 7.58.0 |
| HTTP authentication leak in redirects | 6.0 | 7.57.0 |
| FTP wildcard out of bounds read | 7.21.0 | 7.56.1 |
| NTLM buffer overflow via integer overflow | 7.36.0 | 7.56.1 |
| IMAP FETCH response out of bounds read | 7.20.0 | 7.56.0 |
| FTP PWD response parser out of bounds read | 7.7 | 7.55.1 |
| URL globbing out of bounds read | 7.34.0 | 7.54.1 |
| TFTP sends more than buffer size | 7.15.0 | 7.54.1 |
| --write-out out of buffer read | 6.5 | 7.53.1 |
| printf floating point buffer overflow | 5.4 | 7.51.0 |
| Win CE Schannel cert wildcard matches too much | 7.27.0 | 7.51.0 |
| Win CE Schannel cert name out of buffer read | 7.27.0 | 7.51.0 |
| cookie injection for other servers | 4.9 | 7.50.3 |
| case insensitive password comparison | 7.7 | 7.50.3 |
| OOB write via unchecked multiplication | 7.8.1 | 7.50.3 |
| double free in curl_maprintf | 5.4 | 7.50.3 |
| double free in krb5 code | 7.3 | 7.50.3 |
| glob parser write/read out of bounds | 7.34.0 | 7.50.3 |
| curl_getdate read out of bounds | 7.12.2 | 7.50.3 |
| URL unescape heap overflow via integer truncation | 7.24.0 | 7.50.3 |
| Use after free via shared cookies | 7.10.7 | 7.50.3 |
| invalid URL parsing with '#' | 6.0 | 7.50.3 |
| IDNA 2003 makes curl use wrong host | 7.12.0 | 7.50.3 |
| curl escape and unescape integer overflows | 7.11.1 | 7.50.2 |
| Incorrect reuse of client certificates | 7.19.6 | 7.50.1 |
| TLS session resumption client cert bypass | 5.0 | 7.50.0 |
| Reusing connections with wrong client cert | 7.7 | 7.50.0 |
| use of connection struct after free | 7.32.0 | 7.50.0 |
| Windows DLL hijacking | 7.11.1 | 7.49.0 |
| TLS certificate check bypass with mbedTLS/PolarSSL | 7.21.0 | 7.48.0 |
| remote filename path traversal in curl tool for Windows | 4.0 | 7.46.0 |
| NTLM credentials not-checked for proxy connection reuse | 7.10.7 | 7.46.0 |
| SMB send off unrelated memory contents | 7.40.0 | 7.42.1 |
| lingering HTTP credentials in connection reuse | 7.40.0 | 7.42.1 |
| sensitive HTTP server headers also sent to proxies | 4.0 | 7.42.0 |

Further details

CVE data for 7.42.0 provided as JSON.

Changelog for curl 7.42.0

See the vulnerability summary for the previous release, 7.41.0, or for the subsequent release, 7.42.1.
