curl / Docs / Vulnerability table / 7.21.7 vulnerabilities

Vulnerabilities in curl 7.21.7

curl version 7.21.7 was released on June 23 2011. The following 70 security problems are known to exist in this version.

Flaw	From version	To and including
more POST-after-PUT confusion	7.7	8.0.1
IDN wildcard match	7.12.0	8.0.1
siglongjmp race condition	7.9.8	8.0.1
SSH connection too eager reuse still	7.16.1	7.88.1
FTP too eager connection reuse	7.13.0	7.88.1
SFTP path ~ resolving discrepancy	7.18.0	7.88.1
TELNET option IAC injection	7.7	7.88.1
HTTP Proxy deny use after free	7.16.0	7.86.0
POST following PUT confusion	7.7	7.85.0
control code in cookie denial of service	4.9	7.84.0
FTP-KRB bad message verification	7.16.4	7.83.1
TLS and SSH connection too eager reuse	7.16.1	7.83.0
Auth/cookie leak on redirect	4.9	7.82.0
Credential leak on redirect	4.9	7.82.0
STARTTLS protocol injection via MITM	7.20.0	7.78.0
Protocol downgrade required TLS bypassed	7.20.0	7.78.0
TELNET stack contents disclosure again	7.7	7.77.0
Bad connection reuse due to flawed path name checks	7.10.4	7.77.0
TELNET stack contents disclosure	7.7	7.76.1
Automatic referer leaks credentials	7.1.1	7.75.0
FTP wildcard stack overflow	7.21.0	7.73.0
trusting FTP PASV responses	4.0	7.73.0
curl overwrite local file with -J	7.20.0	7.70.0
TFTP small blocksize heap buffer overflow	7.19.4	7.65.3
TFTP receive buffer overflow	7.19.4	7.64.1
warning message out-of-buffer read	7.14.1	7.61.1
NTLM password overflow via integer overflow	7.15.4	7.61.0
RTSP bad headers buffer over-read	7.20.0	7.59.0
RTSP RTP buffer over-read	7.20.0	7.58.0
LDAP NULL pointer dereference	7.21.0	7.58.0
FTP path trickery leads to NIL byte out of bounds write	7.12.3	7.58.0
HTTP authentication leak in redirects	6.0	7.57.0
FTP wildcard out of bounds read	7.21.0	7.56.1
IMAP FETCH response out of bounds read	7.20.0	7.56.0
FTP PWD response parser out of bounds read	7.7	7.55.1
TFTP sends more than buffer size	7.15.0	7.54.1
--write-out out of buffer read	6.5	7.53.1
printf floating point buffer overflow	5.4	7.51.0
cookie injection for other servers	4.9	7.50.3
case insensitive password comparison	7.7	7.50.3
OOB write via unchecked multiplication	7.8.1	7.50.3
double free in curl_maprintf	5.4	7.50.3
double free in krb5 code	7.3	7.50.3
curl_getdate read out of bounds	7.12.2	7.50.3
Use after free via shared cookies	7.10.7	7.50.3
invalid URL parsing with '#'	6.0	7.50.3
IDNA 2003 makes curl use wrong host	7.12.0	7.50.3
curl escape and unescape integer overflows	7.11.1	7.50.2
Incorrect reuse of client certificates	7.19.6	7.50.1
TLS session resumption client cert bypass	5.0	7.50.0
Re-using connections with wrong client cert	7.7	7.50.0
Windows DLL hijacking	7.11.1	7.49.0
TLS certificate check bypass with mbedTLS/PolarSSL	7.21.0	7.48.0
remote file name path traversal in curl tool for Windows	4.0	7.46.0
NTLM credentials not-checked for proxy connection re-use	7.10.7	7.46.0
sensitive HTTP server headers also sent to proxies	4.0	7.42.0
Negotiate not treated as connection-oriented	7.10.6	7.41.0
Re-using authenticated connection when unauthenticated	7.10.6	7.41.0
URL request injection	6.0	7.39.0
duphandle read out of bounds	7.17.1	7.38.0
cookie leak with IP address as domain	4.0	7.37.1
IP address wildcard certificate validation	7.10.3	7.35.0
wrong re-use of connections	7.10.6	7.35.0
re-use of wrong HTTP NTLM connection	7.10.6	7.34.0
cert name check ignore with GnuTLS	7.21.4	7.33.0
cert name check ignore OpenSSL	7.18.0	7.32.0
URL decode buffer boundary flaw	7.7	7.30.0
cookie domain tailmatch	4.7	7.29.0
SSL CBC IV vulnerability	7.10.6	7.23.1
URL sanitization vulnerability	7.20.0	7.23.1

CVE data for 7.21.7 provided as JSON.

Changelog for curl 7.21.7

See vulnerability summary for the previous release: 7.21.6 or the subsequent release: 7.22.0