curl / Docs / Vulnerability table / 6.5.2 vulnerabilities

Vulnerabilities in curl 6.5.2

curl version 6.5.2 was released on March 21 2000. The following 7 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
--write-out out of buffer read6.57.53.1CVE-2017-7407CWE-126: Buffer Over-read
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
Arbitrary File Access6.07.19.3CVE-2009-0037CWE-142: Improper Neutralization of Value Delimiters
FTP Server Response Buffer Overflow6.07.4CVE-2000-0973CWE-121: Stack-based Buffer Overflow

Changelog for curl 6.5.2

See vulnerability summary for the previous release: 6.5.1 or the subsequent release: 7.1