curl / Docs / Vulnerability table / 7.76.1 vulnerabilities

Vulnerabilities in curl 7.76.1

curl version 7.76.1 was released on April 14 2021. The following 8 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
CURLOPT_SSLCERT mixup with Secure Transport7. Improper Certificate Validation
TELNET stack contents disclosure again7.77.77.0CVE-2021-22925CWE-457: Use of Uninitialized Variable
Bad connection reuse due to flawed path name checks7. Improper Certificate Validation
Metalink download sends credentials7. Insufficiently Protected Credentials
Wrong content via metalink not discarded7. Improper Input Validation
TLS session caching disaster7. Use After Free
TELNET stack contents disclosure7.77.76.1CVE-2021-22898CWE-457: Use of Uninitialized Variable
schannel cipher selection surprise7. Exposure of Data Element to Wrong Session

Changelog for curl 7.76.1

See vulnerability summary for the previous release: 7.76.0 or the subsequent release: 7.77.0