Package details: pkg:generic/curl.se/curl@8.14.1
purl pkg:generic/curl.se/curl@8.14.1
Next non-vulnerable version 8.16.0
Latest non-vulnerable version 8.16.0
Risk 3.0
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-9atx-frk5-yfan (Aliases: CVE-2025-10148) | | 8.16.0 (Affected by 0 other vulnerabilities.) |
| VCID-s9w4-b85c-ffd6 (Aliases: CVE-2025-9086) | | 8.16.0 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-e916-cgn6-f3gx | Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS a libcurl-using application. | CVE-2025-5399 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-09-10T11:50:42.555364+00:00 | Curl Importer | Affected by | VCID-s9w4-b85c-ffd6 | https://curl.se/docs/CVE-2025-9086.json | 37.0.0 |
| 2025-09-10T11:50:42.024953+00:00 | Curl Importer | Affected by | VCID-9atx-frk5-yfan | https://curl.se/docs/CVE-2025-10148.json | 37.0.0 |
| 2025-07-31T09:34:07.922769+00:00 | Curl Importer | Fixing | VCID-e916-cgn6-f3gx | https://curl.se/docs/CVE-2025-5399.json | 37.0.0 |