curl / Docs / Vulnerability table / 7.2.1 vulnerabilities

Vulnerabilities in curl 7.2.1

curl version 7.2.1 was released on August 31 2000

It has the following 20 published security problems.

S	Flaw	First	Last
L	CVE-2022-35252: control code in cookie denial of service	4.9	7.84.0
L	CVE-2022-27776: Auth/cookie leak on redirect	4.9	7.82.0
M	CVE-2022-27774: Credential leak on redirect	4.9	7.82.0
L	CVE-2021-22876: Automatic referer leaks credentials	7.1.1	7.75.0
L	CVE-2020-8284: trusting FTP PASV responses	4.0	7.73.0
L	CVE-2018-1000007: HTTP authentication leak in redirects	6.0	7.57.0
M	CVE-2017-7407: --write-out out of buffer read	6.5	7.53.1
M	CVE-2016-9586: printf floating point buffer overflow	5.4	7.51.0
H	CVE-2016-8615: cookie injection for other servers	4.9	7.50.3
M	CVE-2016-8618: double free in curl_maprintf	5.4	7.50.3
M	CVE-2016-8624: invalid URL parsing with '#'	6.0	7.50.3
H	CVE-2016-5419: TLS session resumption client cert bypass	5.0	7.50.0
H	CVE-2016-0754: remote filename path traversal in curl tool for Windows	4.0	7.46.0
H	CVE-2015-3153: sensitive HTTP server headers also sent to proxies	4.0	7.42.0
H	CVE-2014-8150: URL request injection	6.0	7.39.0
M	CVE-2014-3613: cookie leak with IP address as domain	4.0	7.37.1
H	CVE-2013-1944: cookie domain tailmatch	4.7	7.29.0
M	CVE-2009-0037: Arbitrary File Access	5.11	7.19.3
H	CVE-2003-1605: Proxy Authentication Header Information Leakage	4.5	7.10.6
C	CVE-2000-0973: FTP Server Response Buffer Overflow	6.0	7.4

Further details

CVE data for 7.2.1 provided as JSON.