curl / Docs / Vulnerability table / 7.10.5 vulnerabilities

Vulnerabilities in curl 7.10.5

curl version 7.10.5 was released on May 19 2003

It has the following 40 published security problems.

SFlawFirstLast
LCVE-2026-8932: incomplete mTLS config matching in conn reuse7.78.20.0
LCVE-2026-3784: wrong proxy connection reuse with credentials7.78.18.0
LCVE-2025-0725: gzip integer overflow7.10.58.11.1
LCVE-2023-38546: cookie injection with none file7.9.18.3.0
LCVE-2023-28322: more POST-after-PUT confusion7.78.0.1
LCVE-2023-28320: siglongjmp race condition7.9.88.0.1
LCVE-2023-27533: TELNET option IAC injection7.77.88.1
MCVE-2022-32221: POST following PUT confusion7.77.85.0
LCVE-2022-35252: control code in cookie denial of service4.97.84.0
LCVE-2022-27776: Auth/cookie leak on redirect4.97.82.0
MCVE-2022-27774: Credential leak on redirect4.97.82.0
MCVE-2021-22925: TELNET stack contents disclosure again7.77.77.0
MCVE-2021-22924: Bad connection reuse due to flawed path name checks7.10.47.77.0
MCVE-2021-22898: TELNET stack contents disclosure7.77.76.1
LCVE-2021-22876: Automatic referer leaks credentials7.1.17.75.0
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
LCVE-2018-1000007: HTTP authentication leak in redirects6.07.57.0
MCVE-2017-1000254: FTP PWD response parser out of bounds read7.77.55.1
MCVE-2017-7407: --write-out out of buffer read6.57.53.1
MCVE-2016-9586: printf floating point buffer overflow5.47.51.0
HCVE-2016-8615: cookie injection for other servers4.97.50.3
MCVE-2016-8616: case insensitive password comparison7.77.50.3
MCVE-2016-8617: OOB write via unchecked multiplication7.8.17.50.3
MCVE-2016-8618: double free in curl_maprintf5.47.50.3
HCVE-2016-8619: double free in krb5 code7.37.50.3
MCVE-2016-8624: invalid URL parsing with '#'6.07.50.3
HCVE-2016-5419: TLS session resumption client cert bypass5.07.50.0
MCVE-2016-5420: Reusing connections with wrong client cert7.77.50.0
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
HCVE-2014-8150: URL request injection6.07.39.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1
MCVE-2014-0139: IP address wildcard certificate validation7.10.37.35.0
HCVE-2013-2174: URL decode buffer boundary flaw7.77.30.0
HCVE-2013-1944: cookie domain tailmatch4.77.29.0
HCVE-2010-0734: data callback excessive length7.10.57.19.7
HCVE-2009-2417: embedded zero in cert name7.47.19.5
MCVE-2009-0037: Arbitrary File Access5.117.19.3
HCVE-2005-0490: Authentication Buffer Overflows7.37.13.0
HCVE-2003-1605: Proxy Authentication Header Information Leakage4.57.10.6

Further details

CVE data for 7.10.5 provided as JSON.

Changelog for curl 7.10.5

See vulnerability summary for the previous release: 7.10.4 or the subsequent release: 7.10.6