Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs TODO Web Site Info
Protocols
HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs CA Extract SSL libs compared URL syntax
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.74.0 vulnerabilities

Vulnerabilities in curl 7.74.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.74.0 was released on December 9 2020. The following 9 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
CURLOPT_SSLCERT mixup with Secure Transport7.33.07.77.0CVE-2021-22926CWE-295: Improper Certificate Validation
TELNET stack contents disclosure again7.77.77.0CVE-2021-22925CWE-457: Use of Uninitialized Variable
Bad connection reuse due to flawed path name checks7.10.47.77.0CVE-2021-22924CWE-295: Improper Certificate Validation
Metalink download sends credentials7.27.07.77.0CVE-2021-22923CWE-522: Insufficiently Protected Credentials
Wrong content via metalink not discarded7.27.07.77.0CVE-2021-22922CWE-20: Improper Input Validation
TELNET stack contents disclosure7.77.76.1CVE-2021-22898CWE-457: Use of Uninitialized Variable
schannel cipher selection surprise7.61.07.76.1CVE-2021-22897CWE-488: Exposure of Data Element to Wrong Session
TLS 1.3 session ticket proxy host mixup7.63.07.75.0CVE-2021-22890CWE-290: Authentication Bypass by Spoofing
Automatic referer leaks credentials7.1.17.75.0CVE-2021-22876CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Changelog for curl 7.74.0

See vulnerability summary for the previous release: 7.73.0 or the subsequent release: 7.75.0