curl / Docs / Vulnerability table / 7.65.3 vulnerabilities

Vulnerabilities in curl 7.65.3

curl version 7.65.3 was released on July 19 2019. The following 12 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
TELNET stack contents disclosure	7.7	7.76.1	CVE-2021-22898	CWE-457: Use of Uninitialized Variable
schannel cipher selection surprise	7.61.0	7.76.1	CVE-2021-22897	CWE-488: Exposure of Data Element to Wrong Session
TLS 1.3 session ticket proxy host mixup	7.63.0	7.75.0	CVE-2021-22890	CWE-290: Authentication Bypass by Spoofing
Automatic referer leaks credentials	7.1.1	7.75.0	CVE-2021-22876	CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Inferior OCSP verification	7.41.0	7.73.0	CVE-2020-8286	CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow	7.21.0	7.73.0	CVE-2020-8285	CWE-674: Uncontrolled Recursion
trusting FTP PASV responses	4.0	7.73.0	CVE-2020-8284	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection	7.29.0	7.71.1	CVE-2020-8231	CWE-825: Expired Pointer Dereference
curl overwrite local file with -J	7.20.0	7.70.0	CVE-2020-8177	CWE-641: Improper Restriction of Names for Files and Other Resources
Partial password leak over DNS on HTTP redirect	7.62.0	7.70.0	CVE-2020-8169	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
FTP-KRB double-free	7.52.0	7.65.3	CVE-2019-5481	CWE-415: Double Free
TFTP small blocksize heap buffer overflow	7.19.4	7.65.3	CVE-2019-5482	CWE-122: Heap-based Buffer Overflow