Search for packages
| purl | pkg:deb/ubuntu/curl@7.52.1-4ubuntu1.4 |
| Next non-vulnerable version | 7.68.0-1ubuntu2.7 |
| Latest non-vulnerable version | 7.68.0-1ubuntu2.7 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1z5w-2awv-aaaj
Aliases: CVE-2018-16890 |
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. |
Affected by 19 other vulnerabilities. |
|
VCID-2zq2-qsgf-aaaj
Aliases: CVE-2021-22898 |
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. |
Affected by 2 other vulnerabilities. |
|
VCID-54bc-cejm-aaaq
Aliases: CVE-2019-3822 |
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. |
Affected by 19 other vulnerabilities. |
|
VCID-5fs1-75pg-aaah
Aliases: CVE-2018-0500 |
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). |
Affected by 25 other vulnerabilities. |
|
VCID-5t39-fany-aaan
Aliases: CVE-2020-8177 |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-61j5-aj1z-aaaq
Aliases: CVE-2021-22924 |
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. |
Affected by 2 other vulnerabilities. |
|
VCID-6qjg-v45t-aaam
Aliases: CVE-2021-22925 |
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. |
Affected by 2 other vulnerabilities. |
|
VCID-7y9x-jdpb-aaaq
Aliases: CVE-2018-1000122 |
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
Affected by 28 other vulnerabilities. |
|
VCID-8n1u-u1zp-aaac
Aliases: CVE-2019-5482 |
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. |
Affected by 16 other vulnerabilities. |
|
VCID-9ndg-1sj3-aaab
Aliases: CVE-2020-8284 |
Affected by 9 other vulnerabilities. |
|
|
VCID-9q2e-1vc3-aaae
Aliases: CVE-2019-3823 |
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. |
Affected by 15 other vulnerabilities. |
|
VCID-a5a7-essu-aaah
Aliases: CVE-2020-8286 |
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. |
Affected by 9 other vulnerabilities. |
|
VCID-cjbd-4xhr-aaae
Aliases: CVE-2018-1000300 |
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. |
Affected by 26 other vulnerabilities. |
|
VCID-d49w-zdjv-aaas
Aliases: CVE-2018-1000301 |
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
Affected by 26 other vulnerabilities. |
|
VCID-dz47-c3tm-aaap
Aliases: CVE-2021-22890 |
Affected by 6 other vulnerabilities. |
|
|
VCID-farc-u5hj-aaaq
Aliases: CVE-2016-8625 |
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. |
Affected by 31 other vulnerabilities. |
|
VCID-fth4-rgkf-aaam
Aliases: CVE-2019-5436 |
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. |
Affected by 18 other vulnerabilities. |
|
VCID-gk8w-7smm-aaac
Aliases: CVE-2021-22947 |
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. |
Affected by 0 other vulnerabilities. |
|
VCID-gm8s-9m9y-aaar
Aliases: CVE-2018-14618 |
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) |
Affected by 23 other vulnerabilities. |
|
VCID-j8eq-c91u-aaan
Aliases: CVE-2021-22945 |
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. |
Affected by 2 other vulnerabilities. |
|
VCID-juzu-eydf-aaaa
Aliases: CVE-2018-16840 |
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. |
Affected by 23 other vulnerabilities. |
|
VCID-mjks-tkp5-aaar
Aliases: CVE-2021-22946 |
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. |
Affected by 0 other vulnerabilities. |
|
VCID-njss-xaxg-aaab
Aliases: CVE-2020-8231 |
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. |
Affected by 12 other vulnerabilities. |
|
VCID-nn2j-we1s-aaaa
Aliases: CVE-2020-8169 |
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-qeam-padc-aaap
Aliases: CVE-2018-1000121 |
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
Affected by 28 other vulnerabilities. |
|
VCID-spj8-2b9e-aaab
Aliases: CVE-2019-5481 |
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. |
Affected by 16 other vulnerabilities. |
|
VCID-tgaa-yvya-aaan
Aliases: CVE-2018-1000120 GHSA-674j-7m97-j2p9 |
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
Affected by 28 other vulnerabilities. |
|
VCID-tz5z-xncu-aaaf
Aliases: CVE-2021-22901 |
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. |
Affected by 6 other vulnerabilities. |
|
VCID-uhyn-bd8d-aaak
Aliases: CVE-2018-16842 |
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. |
Affected by 21 other vulnerabilities. |
|
VCID-wjdy-shr9-aaah
Aliases: CVE-2020-8285 |
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. |
Affected by 9 other vulnerabilities. |
|
VCID-wyw1-r84q-aaac
Aliases: CVE-2021-22876 |
Affected by 6 other vulnerabilities. |
|
|
VCID-ygm6-kywu-aaap
Aliases: CVE-2018-16839 |
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. |
Affected by 21 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|