curl / Docs / Vulnerability table / 7.64.1 vulnerabilities

Vulnerabilities in curl 7.64.1

curl version 7.64.1 was released on March 27 2019. The following 11 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
Inferior OCSP verification7.41.07.73.0CVE-2020-8286CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow7.21.07.73.0CVE-2020-8285CWE-674: Uncontrolled Recursion
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection7.29.07.71.1CVE-2020-8231CWE-825: Expired Pointer Dereference
curl overwrite local file with -J7.20.07.70.0CVE-2020-8177CWE-641: Improper Restriction of Names for Files and Other Resources
Partial password leak over DNS on HTTP redirect7.62.07.70.0CVE-2020-8169CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
FTP-KRB double-free7.52.07.65.3CVE-2019-5481CWE-415: Double Free
TFTP small blocksize heap buffer overflow7.19.47.65.3CVE-2019-5482CWE-122: Heap-based Buffer Overflow
Windows OpenSSL engine code injection7.61.07.65.1CVE-2019-5443CWE-94: Code Injection
TFTP receive buffer overflow7.19.47.64.1CVE-2019-5436CWE-122: Heap-based Buffer Overflow
Integer overflows in curl_url_set7.62.07.64.1CVE-2019-5435CWE-131: Incorrect Calculation of Buffer Size

Changelog for curl 7.64.1

See vulnerability summary for the previous release: 7.64.0 or the subsequent release: 7.65.0