VulnerableCode Package Details - pkg:deb/debian/curl@7.88.1-10%2Bdeb12u12

Search for packages

Package details: pkg:deb/debian/curl@7.88.1-10%2Bdeb12u12

Essentials
History (2)

purl	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u12

Next non-vulnerable version	7.88.1-10+deb12u14
Latest non-vulnerable version	7.88.1-10+deb12u14
Risk	2.9

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-pzuq-trxq-6yh8 Aliases: CVE-2024-2379	libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.	7.88.1-10+deb12u14 Affected by 0 other vulnerabilities.
VCID-vyre-1jrv-rqea Aliases: CVE-2025-0725	When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.	7.88.1-10+deb12u14 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T13:22:15.604815+00:00	Debian Importer	Affected by	VCID-vyre-1jrv-rqea	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:02:57.270441+00:00	Debian Importer	Affected by	VCID-pzuq-trxq-6yh8	https://security-tracker.debian.org/tracker/data/json	37.0.0