Package details: pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14
Next non-vulnerable version 8.14.1-2+deb13u2~bpo13+1
Latest non-vulnerable version 8.18.0-2
Risk 3.6
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-2cx5-1qnw-uufj
Aliases:
CVE-2026-1965
curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-2szj-xvgq-pkfr
Aliases:
CVE-2024-2379
curl: QUIC certificate check bypass with wolfSSL
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
VCID-5xp7-mcsa-uqd4
Aliases:
CVE-2025-14819
When doing TLS-related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-6we4-n888-6qhe
Aliases:
CVE-2025-0725
libcurl: Buffer Overflow in libcurl via zlib Integer Overflow
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
VCID-8zks-th64-33b8
Aliases:
CVE-2026-3784
curl: Unauthorized access due to improper HTTP proxy connection reuse
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-etzn-uhck-h7b2
Aliases:
CVE-2026-3783
curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-ksap-zrmb-ebcu
Aliases:
CVE-2025-10148
curl: predictable WebSocket mask
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
VCID-mkyr-w79c-qqfz
Aliases:
CVE-2025-14017
curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-nvzd-v3bs-6qek
Aliases:
CVE-2025-15079
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-qpux-jh6k-8qhx
Aliases:
CVE-2025-10966
curl: Curl missing SFTP host verification with wolfSSH backend
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-vbbv-k1r7-kkas
Aliases:
CVE-2025-15224
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
VCID-x57x-w8g8-7ybz
Aliases:
CVE-2025-14524
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
8.14.1-2+deb13u2~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-1~bpo13+1
Affected by 0 other vulnerabilities.
8.18.0-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:13:26.037023+00:00 Debian Importer Affected by VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:00:11.189064+00:00 Debian Importer Affected by VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:46:53.881816+00:00 Debian Importer Affected by VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:48.334421+00:00 Debian Importer Affected by VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:33:51.062046+00:00 Debian Importer Affected by VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:26:41.815388+00:00 Debian Importer Affected by VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:43:54.863133+00:00 Debian Importer Affected by VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:24:08.917430+00:00 Debian Importer Affected by VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:18:21.303867+00:00 Debian Importer Affected by VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:40.163010+00:00 Debian Importer Affected by VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:00:40.715576+00:00 Debian Importer Affected by VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:48:23.211027+00:00 Debian Importer Affected by VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:21:43.848201+00:00 Debian Importer Affected by VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:11:49.976353+00:00 Debian Importer Affected by VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:17:42.744970+00:00 Debian Importer Affected by VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:48.163159+00:00 Debian Importer Affected by VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:08:06.025705+00:00 Debian Importer Affected by VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:45.638414+00:00 Debian Importer Affected by VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:29:41.322784+00:00 Debian Importer Affected by VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:16:33.631301+00:00 Debian Importer Affected by VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:13:06.023828+00:00 Debian Importer Affected by VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:20.361755+00:00 Debian Importer Affected by VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:02:30.210044+00:00 Debian Importer Affected by VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:55:02.772616+00:00 Debian Importer Affected by VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:14:44.136519+00:00 Debian Importer Affected by VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:14:08.226004+00:00 Debian Importer Affected by VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:25.603042+00:00 Debian Importer Affected by VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:50.840781+00:00 Debian Importer Affected by VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:10:06.179281+00:00 Debian Importer Affected by VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:36.574478+00:00 Debian Importer Affected by VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:18.414646+00:00 Debian Importer Affected by VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:07:54.270476+00:00 Debian Importer Affected by VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:31.040885+00:00 Debian Importer Affected by VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:16.138177+00:00 Debian Importer Affected by VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:03:34.358786+00:00 Debian Importer Affected by VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:48.293156+00:00 Debian Importer Affected by VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.1.0