curl / Docs / Vulnerability table / 7.72.0 vulnerabilities

Vulnerabilities in curl 7.72.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.72.0 was released on August 19 2020. The following 14 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
STARTTLS protocol injection via MITM	7.20.0	7.78.0	CVE-2021-22947	CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
Protocol downgrade required TLS bypassed	7.20.0	7.78.0	CVE-2021-22946	CWE-325: Missing Cryptographic Step
CURLOPT_SSLCERT mixup with Secure Transport	7.33.0	7.77.0	CVE-2021-22926	CWE-295: Improper Certificate Validation
TELNET stack contents disclosure again	7.7	7.77.0	CVE-2021-22925	CWE-457: Use of Uninitialized Variable
Bad connection reuse due to flawed path name checks	7.10.4	7.77.0	CVE-2021-22924	CWE-295: Improper Certificate Validation
Metalink download sends credentials	7.27.0	7.77.0	CVE-2021-22923	CWE-522: Insufficiently Protected Credentials
Wrong content via metalink not discarded	7.27.0	7.77.0	CVE-2021-22922	CWE-20: Improper Input Validation
TELNET stack contents disclosure	7.7	7.76.1	CVE-2021-22898	CWE-457: Use of Uninitialized Variable
schannel cipher selection surprise	7.61.0	7.76.1	CVE-2021-22897	CWE-488: Exposure of Data Element to Wrong Session
TLS 1.3 session ticket proxy host mixup	7.63.0	7.75.0	CVE-2021-22890	CWE-290: Authentication Bypass by Spoofing
Automatic referer leaks credentials	7.1.1	7.75.0	CVE-2021-22876	CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Inferior OCSP verification	7.41.0	7.73.0	CVE-2020-8286	CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow	7.21.0	7.73.0	CVE-2020-8285	CWE-674: Uncontrolled Recursion
trusting FTP PASV responses	4.0	7.73.0	CVE-2020-8284	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Changelog for curl 7.72.0

See vulnerability summary for the previous release: 7.71.1 or the subsequent release: 7.73.0