Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs TODO Web Site Info
Protocols
HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs CA Extract SSL libs compared URL syntax
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 6.2 vulnerabilities

Vulnerabilities in curl 6.2

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 6.2 was released on October 21 1999. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
Arbitrary File Access6.07.19.3CVE-2009-0037CWE-142: Improper Neutralization of Value Delimiters
FTP Server Response Buffer Overflow6.07.4CVE-2000-0973CWE-121: Stack-based Buffer Overflow

Changelog for curl 6.2

See vulnerability summary for the previous release: 6.1 or the subsequent release: 6.3