Latest haxx libcurl Vulnerabilities

CVE-2023-38546
curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
Haxx Libcurl>=7.9.1<8.4.0
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple macOS Sonoma<14.2
Apple macOS Ventura<13.6.4
Apple macOS Monterey<12.7.3
and 11 more
CVE-2023-38545
curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
Microsoft Windows Server 2019
Microsoft Windows 11=23H2
Microsoft Windows 11=22H2
Microsoft Windows 11=21H2
Microsoft Windows 11=22H2
Microsoft Windows 11=23H2
and 59 more
CVE-2023-32001
curl: fopen race condition: CVE-2023-32001
Haxx Libcurl>=7.84.0<=8.1.2
Debian Debian Linux=12.0
Fedoraproject Fedora=37
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
CVE-2023-27537
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl=7.88.0
Haxx Libcurl=7.88.1
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 20 more
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.16.1<8.0.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 22 more
CVE-2023-27536
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.22.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created conn...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.13.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2021-22945
curl. Multiple issues were addressed by updating to curl version 7.79.1.
debian/curl
Apple macOS Monterey<12.3
Haxx Libcurl>=7.73.0<=7.78.0
Fedoraproject Fedora=33
Fedoraproject Fedora=35
Netapp Cloud Backup
and 41 more
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take ...
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.1
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.78.0
Haxx Libcurl>=7.10.4<7.77.0
Fedoraproject Fedora=33
and 98 more
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 28 more
CVE-2021-22876
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request hea...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 34 more
CVE-2020-8286
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 67 more
CVE-2020-8285
curl. A buffer overflow was addressed with improved input validation.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 105 more
CVE-2020-8231
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience l...
redhat/curl<0:7.61.1-18.el8
debian/curl
debian/curl<=7.64.0-4+deb10u1<=7.64.0-4<=7.68.0-1
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
and 8 more
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
IBM Data Risk Manager<=2.0.6
debian/curl
debian/curl<=7.52.1-5+deb9u9<=7.64.0-3<=7.52.1-5
Haxx Libcurl>=7.19.4<=7.64.1
openSUSE Leap=15.0
openSUSE Leap=15.1
and 13 more
CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termin...
Haxx Libcurl>=7.34.0<7.64.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=9.0
and 17 more
CVE-2019-3822
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_messa...
ubuntu/curl<7.64.0
ubuntu/curl<7.47.0-1ubuntu2.12
ubuntu/curl<7.58.0-2ubuntu3.6
ubuntu/curl<7.61.0-1ubuntu2.3
redhat/curl<7.64.0
debian/curl
and 23 more
CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does ...
Haxx Libcurl>=7.36.0<7.64.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=9.0
and 19 more
CVE-2018-14618
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figu...
redhat/curl<0:7.29.0-51.el7_6.3
redhat/httpd24-curl<0:7.61.1-1.el6
redhat/httpd24-httpd<0:2.4.34-7.el6
redhat/httpd24-nghttp2<0:1.7.1-7.el6
redhat/httpd24-curl<0:7.61.1-1.el7
redhat/httpd24-httpd<0:2.4.34-7.el7
and 17 more
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is al...
Haxx Libcurl>=7.52.0<=7.53.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203