curl (SUSE:Linux Enterprise Server for SAP Applications 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP4 package curl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (38)
CVE-2018-16840 — CVSS 9.8 (critical): A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When…
CVE-2022-32221 — CVSS 9.8 (critical): When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2023-27534 — CVSS 8.8 (high): A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as…
CVE-2023-27533 — CVSS 8.8 (high): A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on…
CVE-2020-8177 — CVSS 7.8 (high): curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a…
CVE-2019-5436 — CVSS 7.8 (high): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2018-16890 — CVSS 7.5 (high): libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2…
CVE-2020-8231 — CVSS 7.5 (high): Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-8285 — CVSS 7.5 (high): curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8286 — CVSS 7.5 (high): curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP…
CVE-2021-22946 — CVSS 7.5 (high): A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server…
CVE-2022-27781 — CVSS 7.5 (high): libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate…
CVE-2022-27782 — CVSS 7.5 (high): libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited…
CVE-2023-23916 — CVSS 6.5 (medium): An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression…
CVE-2021-22922 — CVSS 6.5 (medium): When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML…
CVE-2022-32206 — CVSS 6.5 (medium): curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and…
CVE-2023-28320 — CVSS 5.9 (medium): A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names…
CVE-2022-43552 — CVSS 5.9 (medium): A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP…
CVE-2021-22947 — CVSS 5.9 (medium): When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server…
CVE-2022-32208 — CVSS 5.9 (medium): When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a…
CVE-2023-28321 — CVSS 5.9 (medium): An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as…
CVE-2023-27535 — CVSS 5.9 (medium): An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials…
CVE-2023-27536 — CVSS 5.9 (medium): An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established…
CVE-2023-27538 — CVSS 5.5 (medium): An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite…
CVE-2021-22923 — CVSS 5.3 (medium): When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file…
CVE-2021-22925 — CVSS 5.3 (medium): curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send…
CVE-2021-22876 — CVSS 5.3 (medium): curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking…
CVE-2018-16842 — CVSS 4.4 (medium): Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in…
CVE-2018-16839 — CVSS 4.3 (medium): Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2019-3823 — CVSS 4.3 (medium): libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for…
CVE-2022-35252 — CVSS 3.7 (low): When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back…
CVE-2021-22924 — CVSS 3.7 (low): libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to…
CVE-2020-8284 — CVSS 3.7 (low): A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and…
CVE-2023-28322 — CVSS 3.7 (low): An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read…
CVE-2021-22898 — CVSS 3.1 (low): curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in…