curl / Docs / Vulnerability table / 7.62.0 vulnerabilities

Vulnerabilities in curl 7.62.0

curl version 7.62.0 was released on October 31 2018. The following 14 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
Inferior OCSP verification	7.41.0	7.73.0	CVE-2020-8286	CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow	7.21.0	7.73.0	CVE-2020-8285	CWE-674: Uncontrolled Recursion
trusting FTP PASV responses	4.0	7.73.0	CVE-2020-8284	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection	7.29.0	7.71.1	CVE-2020-8231	CWE-825: Expired Pointer Dereference
curl overwrite local file with -J	7.20.0	7.70.0	CVE-2020-8177	CWE-641: Improper Restriction of Names for Files and Other Resources
Partial password leak over DNS on HTTP redirect	7.62.0	7.70.0	CVE-2020-8169	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
FTP-KRB double-free	7.52.0	7.65.3	CVE-2019-5481	CWE-415: Double Free
TFTP small blocksize heap buffer overflow	7.19.4	7.65.3	CVE-2019-5482	CWE-122: Heap-based Buffer Overflow
Windows OpenSSL engine code injection	7.61.0	7.65.1	CVE-2019-5443	CWE-94: Code Injection
TFTP receive buffer overflow	7.19.4	7.64.1	CVE-2019-5436	CWE-122: Heap-based Buffer Overflow
Integer overflows in curl_url_set	7.62.0	7.64.1	CVE-2019-5435	CWE-131: Incorrect Calculation of Buffer Size
NTLM type-2 out-of-bounds buffer read	7.36.0	7.63.0	CVE-2018-16890	CWE-125: Out-of-bounds Read
NTLMv2 type-3 header stack buffer overflow	7.36.0	7.63.0	CVE-2019-3822	CWE-121: Stack-based Buffer Overflow
SMTP end-of-response out-of-bounds read	7.34.0	7.63.0	CVE-2019-3823	CWE-125: Out-of-bounds Read