curl / Docs / Vulnerability table / 7.76.0 vulnerabilities

Vulnerabilities in curl 7.76.0

curl version 7.76.0 was released on March 31 2021. The following 33 security problems are known to exist in this version.

Flaw	From version	To and including
more POST-after-PUT confusion	7.7	8.0.1
IDN wildcard match	7.12.0	8.0.1
siglongjmp race condition	7.9.8	8.0.1
SSH connection too eager reuse still	7.16.1	7.88.1
GSS delegation too eager connection re-use	7.22.0	7.88.1
FTP too eager connection reuse	7.13.0	7.88.1
SFTP path ~ resolving discrepancy	7.18.0	7.88.1
TELNET option IAC injection	7.7	7.88.1
HTTP multi-header compression denial of service	7.57.0	7.87.0
HTTP Proxy deny use after free	7.16.0	7.86.0
POST following PUT confusion	7.7	7.85.0
control code in cookie denial of service	4.9	7.84.0
FTP-KRB bad message verification	7.16.4	7.83.1
Non-preserved file permissions	7.69.0	7.83.1
HTTP compression denial of service	7.57.0	7.83.1
Set-Cookie denial of service	7.71.0	7.83.1
TLS and SSH connection too eager reuse	7.16.1	7.83.0
CERTINFO never-ending busy-loop	7.34.0	7.83.0
Auth/cookie leak on redirect	4.9	7.82.0
Bad local IPv6 connection reuse	7.65.0	7.82.0
Credential leak on redirect	4.9	7.82.0
OAUTH2 bearer bypass in connection re-use	7.33.0	7.82.0
STARTTLS protocol injection via MITM	7.20.0	7.78.0
Protocol downgrade required TLS bypassed	7.20.0	7.78.0
UAF and double free in MQTT sending	7.73.0	7.78.0
CURLOPT_SSLCERT mix-up with Secure Transport	7.33.0	7.77.0
TELNET stack contents disclosure again	7.7	7.77.0
Bad connection reuse due to flawed path name checks	7.10.4	7.77.0
Metalink download sends credentials	7.27.0	7.77.0
Wrong content via Metalink not discarded	7.27.0	7.77.0
TLS session caching disaster	7.75.0	7.76.1
TELNET stack contents disclosure	7.7	7.76.1
Schannel cipher selection surprise	7.61.0	7.76.1

CVE data for 7.76.0 provided as JSON.

Changelog for curl 7.76.0

See vulnerability summary for the previous release: 7.75.0 or the subsequent release: 7.76.1