Package details: pkg:deb/debian/curl@7.88.1-10%2Bdeb12u12
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u12
Next non-vulnerable version 7.88.1-10+deb12u13
Latest non-vulnerable version 8.14.1-2
Risk 2.9
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-97mb-c19v-bqcx
Aliases:
CVE-2025-0725
libcurl: Buffer Overflow in libcurl via zlib Integer Overflow
7.88.1-10+deb12u13
Affected by 0 other vulnerabilities.
8.12.1-3~bpo12+1
Affected by 0 other vulnerabilities.
8.13.0-1
Affected by 0 other vulnerabilities.
8.13.0-5~bpo12+1
Affected by 0 other vulnerabilities.
VCID-vnx7-5dem-aaaj
Aliases:
CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
7.88.1-10+deb12u13
Affected by 0 other vulnerabilities.
8.6.0-3
Affected by 0 other vulnerabilities.
8.12.1-3~bpo12+1
Affected by 0 other vulnerabilities.
8.13.0-1
Affected by 0 other vulnerabilities.
8.13.0-5~bpo12+1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-vnx7-5dem-aaaj libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. CVE-2024-2379
VCID-w4x7-57vc-7yh7 When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certificate. CVE-2024-8096

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:45:43.217862+00:00 Debian Importer Fixing VCID-w4x7-57vc-7yh7 https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T00:11:03.071031+00:00 Debian Importer Fixing VCID-vnx7-5dem-aaaj https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T00:01:47.437875+00:00 Debian Importer Affected by VCID-97mb-c19v-bqcx https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-20T22:13:24.081824+00:00 Debian Importer Affected by VCID-vnx7-5dem-aaaj https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-04-05T14:54:47.738233+00:00 Debian Importer Fixing VCID-w4x7-57vc-7yh7 https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T10:27:31.664143+00:00 Debian Importer Affected by VCID-vnx7-5dem-aaaj https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T02:52:59.940138+00:00 Debian Importer Fixing VCID-vnx7-5dem-aaaj https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T02:43:22.685495+00:00 Debian Importer Affected by VCID-97mb-c19v-bqcx https://security-tracker.debian.org/tracker/data/json 36.0.0