curl / Docs / Vulnerability table / 7.10.5 vulnerabilities

Vulnerabilities in curl 7.10.5

curl version 7.10.5 was released on May 19 2003. The following 32 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
POST following PUT confusion	7.7	7.85.0	CVE-2022-32221	CWE-440: Expected Behavior Violation
control code in cookie denial of service	4.9	7.84.0	CVE-2022-35252	CWE-1286: Improper Validation of Syntactic Correctness of Input
Auth/cookie leak on redirect	4.9	7.82.0	CVE-2022-27776	CWE-522: Insufficiently Protected Credentials
Credential leak on redirect	4.9	7.82.0	CVE-2022-27774	CWE-522: Insufficiently Protected Credentials
TELNET stack contents disclosure again	7.7	7.77.0	CVE-2021-22925	CWE-457: Use of Uninitialized Variable
Bad connection reuse due to flawed path name checks	7.10.4	7.77.0	CVE-2021-22924	CWE-295: Improper Certificate Validation
TELNET stack contents disclosure	7.7	7.76.1	CVE-2021-22898	CWE-457: Use of Uninitialized Variable
Automatic referer leaks credentials	7.1.1	7.75.0	CVE-2021-22876	CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
trusting FTP PASV responses	4.0	7.73.0	CVE-2020-8284	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
HTTP authentication leak in redirects	6.0	7.57.0	CVE-2018-1000007	CWE-522: Insufficiently Protected Credentials
FTP PWD response parser out of bounds read	7.7	7.55.1	CVE-2017-1000254	CWE-126: Buffer Over-read
--write-out out of buffer read	6.5	7.53.1	CVE-2017-7407	CWE-126: Buffer Over-read
printf floating point buffer overflow	5.4	7.51.0	CVE-2016-9586	CWE-121: Stack-based Buffer Overflow
cookie injection for other servers	4.9	7.50.3	CVE-2016-8615	CWE-187: Partial Comparison
case insensitive password comparison	7.7	7.50.3	CVE-2016-8616	CWE-178: Improper Handling of Case Sensitivity
OOB write via unchecked multiplication	7.3	7.50.3	CVE-2016-8617	CWE-131: Incorrect Calculation of Buffer Size
double-free in curl_maprintf	5.4	7.50.3	CVE-2016-8618	CWE-415: Double Free
double-free in krb5 code	7.3	7.50.3	CVE-2016-8619	CWE-415: Double Free
invalid URL parsing with '#'	6.0	7.50.3	CVE-2016-8624	CWE-172: Encoding Error
TLS session resumption client cert bypass	5.0	7.50.0	CVE-2016-5419	CWE-305: Authentication Bypass by Primary Weakness
Re-using connections with wrong client cert	7.7	7.50.0	CVE-2016-5420	CWE-305: Authentication Bypass by Primary Weakness
sensitive HTTP server headers also sent to proxies	4.0	7.42.0	CVE-2015-3153	CWE-201: Information Exposure Through Sent Data
URL request injection	6.0	7.39.0	CVE-2014-8150	CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie leak with IP address as domain	4.0	7.37.1	CVE-2014-3613	CWE-201: Information Exposure Through Sent Data
IP address wildcard certificate validation	7.10.3	7.35.0	CVE-2014-0139	CWE-297: Improper Validation of Certificate with Host Mismatch
URL decode buffer boundary flaw	7.7	7.30.0	CVE-2013-2174	CWE-126: Buffer Over-read
cookie domain tailmatch	6.0	7.29.0	CVE-2013-1944	CWE-201: Information Exposure Through Sent Data
data callback excessive length	7.10.5	7.19.7	CVE-2010-0734	CWE-628: Function Call with Incorrectly Specified Arguments
embedded zero in cert name	7.4	7.19.5	CVE-2009-2417	CWE-170: Improper Null Termination
Arbitrary File Access	6.0	7.19.3	CVE-2009-0037	CWE-142: Improper Neutralization of Value Delimiters
Authentication Buffer Overflows	7.3	7.13.0	CVE-2005-0490	CWE-121: Stack-based Buffer Overflow
Proxy Authentication Header Information Leakage	4.5	7.10.6	CVE-2003-1605	CWE-201: Information Exposure Through Sent Data

Changelog for curl 7.10.5

See vulnerability summary for the previous release: 7.10.4 or the subsequent release: 7.10.6