Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs TODO Web Site Info
Protocols
HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs CA Extract SSL libs compared
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.62.0 vulnerabilities

Vulnerabilities in curl 7.62.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.62.0 was released on October 31 2018. The following 11 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
wrong connect-only connection7.29.07.71.1CVE-2020-8231CWE-825: Expired Pointer Dereference
curl overwrite local file with -J7.20.07.70.0CVE-2020-8177CWE-641: Improper Restriction of Names for Files and Other Resources
Partial password leak over DNS on HTTP redirect7.62.07.70.0CVE-2020-8169CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
FTP-KRB double-free7.52.07.65.3CVE-2019-5481CWE-415: Double Free
TFTP small blocksize heap buffer overflow7.19.47.65.3CVE-2019-5482CWE-122: Heap-based Buffer Overflow
Windows OpenSSL engine code injection7.61.07.65.1CVE-2019-5443CWE-94: Code Injection
TFTP receive buffer overflow7.19.47.64.1CVE-2019-5436CWE-122: Heap-based Buffer Overflow
Integer overflows in curl_url_set7.62.07.64.1CVE-2019-5435CWE-131: Incorrect Calculation of Buffer Size
NTLM type-2 out-of-bounds buffer read7.36.07.63.0CVE-2018-16890CWE-125: Out-of-bounds Read
NTLMv2 type-3 header stack buffer overflow7.36.07.63.0CVE-2019-3822CWE-121: Stack-based Buffer Overflow
SMTP end-of-response out-of-bounds read7.34.07.63.0CVE-2019-3823CWE-125: Out-of-bounds Read

Changelog for curl 7.62.0

See vulnerability summary for the previous release: 7.61.1 or the subsequent release: 7.63.0