Information on source package curl

Available versions

| Release | Version |
|---|---|
| wheezy | 7.26.0-1+wheezy13 |
| wheezy (security) | 7.26.0-1+wheezy23 |
| jessie (security) | 7.38.0-4+deb8u8 |
| stretch (security) | 7.52.1-5+deb9u3 |
| buster | 7.57.0-1 |
| sid | 7.57.0-1 |

Open issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2016-9586 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | printf floating point buffer overflow |
| CVE-2016-8625 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | |
| CVE-2016-7167 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Multiple integer overflows in the (1) curl_escape, (2) ... |
| CVE-2016-7141 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | curl and libcurl before 7.50.2, when built with NSS and the ... |
| CVE-2016-0755 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The ConnectionExists function in lib/url.c in libcurl before 7.47.0 ... |
| CVE-2015-3153 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The default configuration for cURL and libcurl before 7.42.1 sends ... |

Open unimportant issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-7407 | fixed | vulnerable | fixed | fixed | fixed | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ... |
| CVE-2016-3739 | vulnerable | vulnerable | fixed | fixed | fixed | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2017-9502 | In curl before 7.54.1 on Windows and DOS, libcurl's default protocol ... |
| CVE-2017-8818 | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ... |
| CVE-2017-8817 | The FTP wildcard function in curl and libcurl before 7.57.0 allows ... |
| CVE-2017-8816 | The NTLM authentication feature in curl and libcurl before 7.57.0 on ... |
| CVE-2017-7468 | |
| CVE-2017-2629 | SSL_VERIFYSTATUS ignored |
| CVE-2017-2628 | |
| CVE-2017-1000257 | An IMAP FETCH response line indicates the size of the returned data, ... |
| CVE-2017-1000254 | libcurl may read outside of a heap allocated buffer when doing FTP. ... |
| CVE-2017-1000101 | curl supports "globbing" of URLs, in which a user can pass a numerical ... |
| CVE-2017-1000100 | When doing a TFTP transfer and curl/libcurl is given a URL that ... |
| CVE-2017-1000099 | When asking to get a file from a file:// URL, libcurl provides a ... |
| CVE-2016-9594 | |
| CVE-2016-8624 | |
| CVE-2016-8623 | |
| CVE-2016-8622 | |
| CVE-2016-8621 | |
| CVE-2016-8620 | |
| CVE-2016-8619 | |
| CVE-2016-8618 | |
| CVE-2016-8617 | |
| CVE-2016-8616 | |
| CVE-2016-8615 | |
| CVE-2016-5421 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ... |
| CVE-2016-5420 | curl and libcurl before 7.50.1 do not check the client certificate ... |
| CVE-2016-5419 | curl and libcurl before 7.50.1 do not prevent TLS session resumption ... |
| CVE-2016-4802 | Multiple untrusted search path vulnerabilities in cURL and libcurl ... |
| CVE-2016-0754 | cURL before 7.47.0 on Windows allows attackers to write to arbitrary ... |
| CVE-2015-3237 | The smb_request_state function in cURL and libcurl 7.40.0 through ... |
| CVE-2015-3236 | cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic ... |
| CVE-2015-3148 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use ... |
| CVE-2015-3145 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ... |
| CVE-2015-3144 | The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 ... |
| CVE-2015-3143 | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM ... |
| CVE-2014-8151 | The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in ... |
| CVE-2014-8150 | CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ... |
| CVE-2014-3707 | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, ... |
| CVE-2014-3620 | cURL and libcurl before 7.38.0 allow remote attackers to bypass the ... |
| CVE-2014-3613 | cURL and libcurl before 7.38.0 does not properly handle IP addresses ... |
| CVE-2014-2522 | curl and libcurl 7.27.0 through 7.35.0, when running on Windows and ... |
| CVE-2014-1263 | curl and libcurl 7.27.0 through 7.35.0, when using the ... |
| CVE-2014-0139 | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, ... |
| CVE-2014-0138 | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 ... |
| CVE-2014-0015 | cURL and libcurl 7.10.6 through 7.34.0, when more than one ... |
| CVE-2013-6422 | The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling ... |
| CVE-2013-4545 | cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, ... |
| CVE-2013-2174 | Heap-based buffer overflow in the curl_easy_unescape function in ... |
| CVE-2013-1944 | The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 ... |
| CVE-2013-0249 | Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ... |
| CVE-2012-0036 | curl and libcurl 7.2x before 7.24.0 do not properly consider special ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft ... |
| CVE-2011-2192 | The Curl_input_negotiate function in http_negotiate.c in libcurl ... |
| CVE-2010-3842 | Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, ... |
| CVE-2010-0734 | content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ... |
| CVE-2009-2417 | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ... |
| CVE-2009-0037 | The redirect implementation in curl and libcurl 5.11 through 7.19.3, ... |
| CVE-2007-3564 | libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ... |
| CVE-2006-1061 | Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ... |
| CVE-2005-4077 | Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ... |
| CVE-2005-3185 | Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ... |
| CVE-2005-0490 | Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-1195-1 | curl - security update |
| DSA-4051-1 | curl - security update |
| DSA-4007-1 | curl - security update |
| DLA-1143-1 | curl - security update |
| DSA-3992-1 | curl - security update |
| DLA-1121-1 | curl - security update |
| DLA-1062-1 | curl - security update |
| DLA-883-1 | curl - security update |
| DLA-767-1 | curl - security update |
| DLA-711-1 | curl - security update |
| DSA-3705-1 | curl - security update |
| DLA-625-1 | curl - security update |
| DLA-616-1 | curl - security update |
| DLA-586-1 | curl - security update |
| DSA-3638-1 | curl - security update |
| DSA-3455-1 | curl - security update |
| DSA-3240-1 | curl - security update |
| DLA-211-1 | curl - security update |
| DSA-3232-1 | curl - security update |
| DLA-134-1 | curl - security update |
| DSA-3122-1 | curl - security update |
| DLA-84-1 | curl - security update |
| DSA-3069-1 | curl - security update |
| DLA-64-1 | curl - security update |
| DSA-3022-1 | curl - security update |
| DSA-2902-1 | curl - security update |
| DSA-2849-1 | curl - information disclosure |
| DSA-2824-1 | curl - unchecked tls/ssl certificate host name |
| DSA-2798-1 | curl - unchecked ssl certificate host name |
| DSA-2713-1 | curl - heap overflow |
| DSA-2660-1 | curl - cookie leak vulnerability |
| DSA-2398-1 | curl - several |
| DSA-2271-1 | curl - improper delegation of client credentials |
| DSA-2023-1 | curl - arbitrary code execution |
| DSA-1869-1 | curl - SSL certificate verification weakness |
| DSA-1738-1 | curl - arbitrary file access |
| DSA-1333-1 | curl |
| DSA-919-2 | curl - buffer overflow |
