curl / Docs / Vulnerability table / 7.61.0 vulnerabilities

Vulnerabilities in curl 7.61.0

curl version 7.61.0 was released on July 11 2018. The following 13 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
wrong connect-only connection	7.29.0	7.71.1	CVE-2020-8231	CWE-825: Expired Pointer Dereference
curl overwrite local file with -J	7.20.0	7.70.0	CVE-2020-8177	CWE-641: Improper Restriction of Names for Files and Other Resources
FTP-KRB double-free	7.52.0	7.65.3	CVE-2019-5481	CWE-415: Double Free
TFTP small blocksize heap buffer overflow	7.19.4	7.65.3	CVE-2019-5482	CWE-122: Heap-based Buffer Overflow
Windows OpenSSL engine code injection	7.61.0	7.65.1	CVE-2019-5443	CWE-94: Code Injection
TFTP receive buffer overflow	7.19.4	7.64.1	CVE-2019-5436	CWE-122: Heap-based Buffer Overflow
NTLM type-2 out-of-bounds buffer read	7.36.0	7.63.0	CVE-2018-16890	CWE-125: Out-of-bounds Read
NTLMv2 type-3 header stack buffer overflow	7.36.0	7.63.0	CVE-2019-3822	CWE-121: Stack-based Buffer Overflow
SMTP end-of-response out-of-bounds read	7.34.0	7.63.0	CVE-2019-3823	CWE-125: Out-of-bounds Read
warning message out-of-buffer read	7.14.1	7.61.1	CVE-2018-16842	CWE-125: Out-of-bounds Read
use-after-free in handle close	7.59.0	7.61.1	CVE-2018-16840	CWE-416: Use After Free
SASL password overflow via integer overflow	7.33.0	7.61.1	CVE-2018-16839	CWE-131: Incorrect Calculation of Buffer Size
NTLM password overflow via integer overflow	7.15.4	7.61.0	CVE-2018-14618	CWE-131: Incorrect Calculation of Buffer Size