Vulnerability Library

search
ID
Packages
Summary
Affected versions
Published
Fix
CURL-CVE-2024-2004
  • github.com/curl/curl.git
 Usage of disabled protocol
  • 8.6.0
  • 8.5.0
  • 8.4.0
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • ...
 2024-03-27T08:00:00Z Fix available
CURL-CVE-2024-2379
  • github.com/curl/curl.git
 QUIC certificate check bypass with wolfSSL
  • 8.6.0
 2024-03-27T08:00:00Z Fix available
CURL-CVE-2024-2398
  • github.com/curl/curl.git
 HTTP/2 push headers memory-leak
  • 8.6.0
  • 8.5.0
  • 8.4.0
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • ...
 2024-03-27T08:00:00Z Fix available
CURL-CVE-2024-2466
  • github.com/curl/curl.git
 TLS certificate check bypass with mbedTLS
  • 8.6.0
  • 8.5.0
 2024-03-27T08:00:00Z Fix available
CVE-2024-0853
  • github.com/curl/curl
 See record for full details
  • Curl_easy_1-1-7
  • Curl_easy_1-1-8
  • before_ftp_statemachine
  • before_urldata_rename
  • c-ares-1_2_0
  • c-ares-1_3_0
  • curl-6_5
  • ...
 2024-02-03T14:15:50Z No fix available
CURL-CVE-2024-0853
  • github.com/curl/curl.git
 OCSP verification bypass with TLS session reuse
  • 8.5.0
 2024-01-31T08:00:00Z Fix available
CVE-2023-52071
  • github.com/curl/curl
 See record for full details
  • Curl_easy_1-1-7
  • Curl_easy_1-1-8
  • before_ftp_statemachine
  • before_urldata_rename
  • c-ares-1_2_0
  • c-ares-1_3_0
  • curl-6_5
  • ...
 2024-01-30T07:15:07Z Fix available
CURL-CVE-2023-46218
  • github.com/curl/curl.git
 cookie mixed case PSL bypass
  • 8.4.0
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • 8.1.1
  • 8.1.0
  • ...
 2023-12-06T08:00:00Z Fix available
CURL-CVE-2023-46219
  • github.com/curl/curl.git
 HSTS long file name clears contents
  • 8.4.0
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • 8.1.1
  • 8.1.0
  • ...
 2023-12-06T08:00:00Z Fix available
CURL-CVE-2023-38545
  • github.com/curl/curl.git
 SOCKS5 heap buffer overflow
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • 8.1.1
  • 8.1.0
  • 8.0.1
  • ...
 2023-10-11T08:00:00Z Fix available
CURL-CVE-2023-38546
  • github.com/curl/curl.git
 cookie injection with none file
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • 8.1.1
  • 8.1.0
  • 8.0.1
  • ...
 2023-10-11T08:00:00Z Fix available
CURL-CVE-2023-38039
  • github.com/curl/curl.git
 HTTP headers eat all memory
  • 8.2.1
  • 8.2.0
  • 8.1.2
  • 8.1.1
  • 8.1.0
  • 8.0.1
  • 8.0.0
  • ...
 2023-09-13T08:00:00Z Fix available
CURL-CVE-2023-28319
  • github.com/curl/curl.git
 UAF in SSH sha256 fingerprint check
  • 8.0.1
  • 8.0.0
  • 7.88.1
  • 7.88.0
  • 7.87.0
  • 7.86.0
  • 7.85.0
  • ...
 2023-05-17T08:00:00Z Fix available
CURL-CVE-2023-28320
  • github.com/curl/curl.git
 siglongjmp race condition
  • 8.0.1
  • 8.0.0
  • 7.88.1
  • 7.88.0
  • 7.87.0
  • 7.86.0
  • 7.85.0
  • ...
 2023-05-17T08:00:00Z Fix available
CURL-CVE-2023-28321
  • github.com/curl/curl.git
 IDN wildcard match
  • 8.0.1
  • 8.0.0
  • 7.88.1
  • 7.88.0
  • 7.87.0
  • 7.86.0
  • 7.85.0
  • ...
 2023-05-17T08:00:00Z Fix available
CURL-CVE-2023-28322
  • github.com/curl/curl.git
 more POST-after-PUT confusion
  • 8.0.1
  • 8.0.0
  • 7.88.1
  • 7.88.0
  • 7.87.0
  • 7.86.0
  • 7.85.0
  • ...
 2023-05-17T08:00:00Z Fix available
Load more...