curl / Docs / Vulnerability table / 7.51.0 vulnerabilities

Vulnerabilities in curl 7.51.0

curl version 7.51.0 was released on November 2 2016. The following 46 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification7. Improper Enforcement of Message Integrity During Transmission in a Communication Channel
TLS and SSH connection too eager reuse7. Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7. Loop with Unreachable Exit Condition ('Infinite Loop')
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
OAUTH2 bearer bypass in connection re-use7. Authentication Bypass by Primary Weakness
STARTTLS protocol injection via MITM7. Acceptance of Extraneous Untrusted Data With Trusted Data
Protocol downgrade required TLS bypassed7. Missing Cryptographic Step
CURLOPT_SSLCERT mixup with Secure Transport7. Improper Certificate Validation
TELNET stack contents disclosure again7.77.77.0CVE-2021-22925CWE-457: Use of Uninitialized Variable
Bad connection reuse due to flawed path name checks7. Improper Certificate Validation
Metalink download sends credentials7. Insufficiently Protected Credentials
Wrong content via metalink not discarded7. Improper Input Validation
TELNET stack contents disclosure7.77.76.1CVE-2021-22898CWE-457: Use of Uninitialized Variable
Automatic referer leaks credentials7. Exposure of Private Personal Information to an Unauthorized Actor
Inferior OCSP verification7. Improper Check for Certificate Revocation
FTP wildcard stack overflow7. Uncontrolled Recursion
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection7. Expired Pointer Dereference
curl overwrite local file with -J7. Improper Restriction of Names for Files and Other Resources
TFTP small blocksize heap buffer overflow7. Heap-based Buffer Overflow
TFTP receive buffer overflow7. Heap-based Buffer Overflow
NTLM type-2 out-of-bounds buffer read7. Out-of-bounds Read
NTLMv2 type-3 header stack buffer overflow7. Stack-based Buffer Overflow
SMTP end-of-response out-of-bounds read7. Out-of-bounds Read
warning message out-of-buffer read7. Out-of-bounds Read
SASL password overflow via integer overflow7. Incorrect Calculation of Buffer Size
NTLM password overflow via integer overflow7. Incorrect Calculation of Buffer Size
RTSP bad headers buffer over-read7. Buffer Over-read
RTSP RTP buffer over-read7. Buffer Over-read
LDAP NULL pointer dereference7. NULL Pointer Dereference
FTP path trickery leads to NIL byte out of bounds write7. Heap-based Buffer Overflow
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
HTTP/2 trailer out-of-bounds read7. Buffer Over-read
FTP wildcard out of bounds read7. Buffer Over-read
NTLM buffer overflow via integer overflow7. Incorrect Calculation of Buffer Size
IMAP FETCH response out of bounds read7. Buffer Over-read
FTP PWD response parser out of bounds read7.77.55.1CVE-2017-1000254CWE-126: Buffer Over-read
URL globbing out of bounds read7. Buffer Over-read
TFTP sends more than buffer size7. Buffer Over-read
--write-out out of buffer read6.57.53.1CVE-2017-7407CWE-126: Buffer Over-read
printf floating point buffer overflow5.47.51.0CVE-2016-9586CWE-121: Stack-based Buffer Overflow
Win CE schannel cert wildcard matches too much7. Improper Certificate Validation
Win CE schannel cert name out of buffer read7. Buffer Over-read

Changelog for curl 7.51.0

See vulnerability summary for the previous release: 7.50.3 or the subsequent release: 7.52.0