Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.10.3 vulnerabilities

Vulnerabilities in curl 7.10.3

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.10.3 was released on January 14 2003. The following 31 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
TELNET option IAC injection7.77.88.1CVE-2023-27533CWE-75: Failure to Sanitize Special Elements into a Different Plane
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
TELNET stack contents disclosure again7.77.77.0CVE-2021-22925CWE-457: Use of Uninitialized Variable
TELNET stack contents disclosure7.77.76.1CVE-2021-22898CWE-457: Use of Uninitialized Variable
Automatic referer leaks credentials7.1.17.75.0CVE-2021-22876CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
FTP PWD response parser out of bounds read7.77.55.1CVE-2017-1000254CWE-126: Buffer Over-read
--write-out out of buffer read6.57.53.1CVE-2017-7407CWE-126: Buffer Over-read
printf floating point buffer overflow5.47.51.0CVE-2016-9586CWE-121: Stack-based Buffer Overflow
cookie injection for other servers4.97.50.3CVE-2016-8615CWE-187: Partial Comparison
case insensitive password comparison7.77.50.3CVE-2016-8616CWE-178: Improper Handling of Case Sensitivity
OOB write via unchecked multiplication7.37.50.3CVE-2016-8617CWE-131: Incorrect Calculation of Buffer Size
double-free in curl_maprintf5.47.50.3CVE-2016-8618CWE-415: Double Free
double-free in krb5 code7.37.50.3CVE-2016-8619CWE-415: Double Free
invalid URL parsing with '#'6.07.50.3CVE-2016-8624CWE-172: Encoding Error
TLS session resumption client cert bypass5.07.50.0CVE-2016-5419CWE-305: Authentication Bypass by Primary Weakness
Re-using connections with wrong client cert7.77.50.0CVE-2016-5420CWE-305: Authentication Bypass by Primary Weakness
sensitive HTTP server headers also sent to proxies4.07.42.0CVE-2015-3153CWE-201: Information Exposure Through Sent Data
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie leak with IP address as domain4.07.37.1CVE-2014-3613CWE-201: Information Exposure Through Sent Data
IP address wildcard certificate validation7.10.37.35.0CVE-2014-0139CWE-297: Improper Validation of Certificate with Host Mismatch
URL decode buffer boundary flaw7.77.30.0CVE-2013-2174CWE-126: Buffer Over-read
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
embedded zero in cert name7.47.19.5CVE-2009-2417CWE-170: Improper Null Termination
Arbitrary File Access6.07.19.3CVE-2009-0037CWE-142: Improper Neutralization of Value Delimiters
Authentication Buffer Overflows7.37.13.0CVE-2005-0490CWE-121: Stack-based Buffer Overflow
Proxy Authentication Header Information Leakage4.57.10.6CVE-2003-1605CWE-201: Information Exposure Through Sent Data

Changelog for curl 7.10.3

See vulnerability summary for the previous release: 7.10.2 or the subsequent release: 7.10.4