Vulnerabilities in curl 7.78.0

curl version 7.78.0 was released on July 21 2021. The following 9 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| TLS and SSH connection too eager reuse | 7.16.1 | 7.83.0 | CVE-2022-27782 | CWE-305: Authentication Bypass by Primary Weakness |
| CERTINFO never-ending busy-loop | 7.34.0 | 7.83.0 | CVE-2022-27781 | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
| Auth/cookie leak on redirect | 4.9 | 7.82.0 | CVE-2022-27776 | CWE-522: Insufficiently Protected Credentials |
| Bad local IPv6 connection reuse | 7.65.0 | 7.82.0 | CVE-2022-27775 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| Credential leak on redirect | 4.9 | 7.82.0 | CVE-2022-27774 | CWE-522: Insufficiently Protected Credentials |
| OAUTH2 bearer bypass in connection re-use | 7.33.0 | 7.82.0 | CVE-2022-22576 | CWE-305: Authentication Bypass by Primary Weakness |
| STARTTLS protocol injection via MITM | 7.20.0 | 7.78.0 | CVE-2021-22947 | CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data |
| Protocol downgrade required TLS bypassed | 7.20.0 | 7.78.0 | CVE-2021-22946 | CWE-325: Missing Cryptographic Step |
| UAF and double-free in MQTT sending | 7.73.0 | 7.78.0 | CVE-2021-22945 | CWE-415: Double Free |

Changelog for curl 7.78.0

See vulnerability summary for the previous release: 7.77.0 or the subsequent release: 7.79.0