Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs TODO Web Site Info
Protocols
HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs CA Extract SSL libs compared URL syntax
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.65.3 vulnerabilities

Vulnerabilities in curl 7.65.3

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.65.3 was released on July 19 2019. The following 8 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
Inferior OCSP verification7.41.07.73.0CVE-2020-8286CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow7.21.07.73.0CVE-2020-8285CWE-674: Uncontrolled Recursion
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection7.29.07.71.1CVE-2020-8231CWE-825: Expired Pointer Dereference
curl overwrite local file with -J7.20.07.70.0CVE-2020-8177CWE-641: Improper Restriction of Names for Files and Other Resources
Partial password leak over DNS on HTTP redirect7.62.07.70.0CVE-2020-8169CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
FTP-KRB double-free7.52.07.65.3CVE-2019-5481CWE-415: Double Free
TFTP small blocksize heap buffer overflow7.19.47.65.3CVE-2019-5482CWE-122: Heap-based Buffer Overflow

Changelog for curl 7.65.3

See vulnerability summary for the previous release: 7.65.2 or the subsequent release: 7.66.0