VulnerableCode Package Details - pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14

Search for packages

Package details: pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14

Essentials
History (2)

purl	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-pzuq-trxq-6yh8	libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.	CVE-2024-2379
VCID-vyre-1jrv-rqea	When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.	CVE-2025-0725

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T13:22:15.609803+00:00	Debian Importer	Fixing	VCID-vyre-1jrv-rqea	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:02:57.276338+00:00	Debian Importer	Fixing	VCID-pzuq-trxq-6yh8	https://security-tracker.debian.org/tracker/data/json	37.0.0