curl / Docs / Vulnerability table / 7.75.0 vulnerabilities

Vulnerabilities in curl 7.75.0

curl version 7.75.0 was released on February 3 2021. The following 5 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
TLS session caching disaster7.75.07.76.1CVE-2021-22901CWE-416: Use After Free
TELNET stack contents disclosure7.77.76.1CVE-2021-22898CWE-457: Use of Uninitialized Variable
schannel cipher selection surprise7.61.07.76.1CVE-2021-22897CWE-488: Exposure of Data Element to Wrong Session
TLS 1.3 session ticket proxy host mixup7.63.07.75.0CVE-2021-22890CWE-290: Authentication Bypass by Spoofing
Automatic referer leaks credentials7.1.17.75.0CVE-2021-22876CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Changelog for curl 7.75.0

See vulnerability summary for the previous release: 7.74.0 or the subsequent release: 7.76.0