curl / Docs / Vulnerability table / 5.5.1 vulnerabilities

Vulnerabilities in curl 5.5.1

curl version 5.5.1 was released on January 27 1999. The following 11 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
printf floating point buffer overflow5.47.51.0CVE-2016-9586CWE-121: Stack-based Buffer Overflow
cookie injection for other servers4.97.50.3CVE-2016-8615CWE-187: Partial Comparison
double-free in curl_maprintf5.47.50.3CVE-2016-8618CWE-415: Double Free
TLS session resumption client cert bypass5.07.50.0CVE-2016-5419CWE-305: Authentication Bypass by Primary Weakness
sensitive HTTP server headers also sent to proxies4.07.42.0CVE-2015-3153CWE-201: Information Exposure Through Sent Data
cookie leak with IP address as domain4.07.37.1CVE-2014-3613CWE-201: Information Exposure Through Sent Data
Proxy Authentication Header Information Leakage4.57.10.6CVE-2003-1605CWE-201: Information Exposure Through Sent Data

Changelog for curl 5.5.1

See vulnerability summary for the previous release: 5.5 or the subsequent release: 5.7