Every CVE whose affected-product data names Haxx Libcurl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (61)
CVE-2017-8816 — CVSS 9.8 (critical): The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service…
CVE-2023-38545 — CVSS 9.8 (critical): This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2017-8818 — CVSS 9.8 (critical): curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application…
CVE-2017-8817 — CVSS 9.8 (critical): The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and…
CVE-2016-7167 — CVSS 9.8 (critical): Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl…
CVE-2018-1000005 — CVSS 9.1 (critical): libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/cur…
CVE-2021-22945 — CVSS 9.1 (critical): When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already…
CVE-2017-1000257 — CVSS 9.1 (critical): An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes…
CVE-2015-3144 — CVSS 9.0 (critical): The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to…
CVE-2005-0490 — CVSS 8.8 (high): Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to…
CVE-2016-5421 — CVSS 8.1 (high): Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified…
CVE-2019-5436 — CVSS 7.8 (high): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2020-8285 — CVSS 7.5 (high): curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2013-0249 — CVSS 7.5 (high): Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through…
CVE-2024-6197 — CVSS 7.5 (high): libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return…
CVE-2020-8286 — CVSS 7.5 (high): curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP…
CVE-2015-3145 — CVSS 7.5 (high): The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote…
CVE-2018-14618 — CVSS 7.5 (high): curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_has…
CVE-2020-8231 — CVSS 7.5 (high): Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2016-5419 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers…
CVE-2016-5420 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote…
CVE-2016-7141 — CVSS 7.5 (high): curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack…
CVE-2017-1000254 — CVSS 7.5 (high): libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in…
CVE-2018-16890 — CVSS 7.5 (high): libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2…
CVE-2025-0725 — CVSS 7.3 (high): When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option…
CVE-2013-2174 — CVSS 6.8 (medium): Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote…
CVE-2024-7264 — CVSS 6.5 (medium): libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically…
CVE-2017-1000099 — CVSS 6.5 (medium): When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The…
CVE-2017-1000100 — CVSS 6.5 (medium): When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name…
CVE-2014-0138 — CVSS 6.4 (medium): The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7)…
CVE-2015-3237 — CVSS 6.4 (medium): The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from…
CVE-2024-32928 — CVSS 5.9 (medium): The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential…
CVE-2023-27537 — CVSS 5.9 (medium): A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without…
CVE-2023-27535 — CVSS 5.9 (medium): An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials…
CVE-2023-27536 — CVSS 5.9 (medium): An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established…
CVE-2014-0139 — CVSS 5.8 (medium): cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in…
CVE-2014-8151 — CVSS 5.8 (medium): The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka…
CVE-2023-27538 — CVSS 5.5 (medium): An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite…
CVE-2021-22876 — CVSS 5.3 (medium): curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking…
CVE-2015-3236 — CVSS 5.0 (medium): cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset…
CVE-2014-3620 — CVSS 5.0 (medium): cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a…
CVE-2015-3153 — CVSS 5.0 (medium): The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which…
CVE-2015-3148 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect…
CVE-2015-3143 — CVSS 5.0 (medium): cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users…
CVE-2013-1944 — CVSS 5.0 (medium): The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which…
CVE-2014-3613 — CVSS 5.0 (medium): cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies…
CVE-2017-7468 — CVSS 4.8 (medium): In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had…
CVE-2011-2192 — CVSS 4.3 (medium): The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs…
CVE-2019-3823 — CVSS 4.3 (medium): libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for…
CVE-2014-8150 — CVSS 4.3 (medium): CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject…
CVE-2014-3707 — CVSS 4.3 (medium): The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly…
CVE-2013-4545 — CVSS 4.3 (medium): cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification…
CVE-2024-6874 — CVSS 4.3 (medium): libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN…
CVE-2013-6422 — CVSS 4.0 (medium): The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables…
CVE-2014-0015 — CVSS 4.0 (medium): cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow…
CVE-2014-2522 — CVSS 4.0 (medium): curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server…
CVE-2021-22924 — CVSS 3.7 (low): libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to…
CVE-2021-22890 — CVSS 3.7 (low): curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of…
CVE-2023-38546 — CVSS 3.7 (low): This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met…
CVE-2016-8622 — CVSS 3.7 (low): The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would…