curl / Docs / Vulnerability table / 7.78.0 vulnerabilities

Vulnerabilities in curl 7.78.0

curl version 7.78.0 was released on July 21 2021. The following 3 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
STARTTLS protocol injection via MITM7. Acceptance of Extraneous Untrusted Data With Trusted Data
Protocol downgrade required TLS bypassed7. Missing Cryptographic Step
UAF and double-free in MQTT sending7. Double Free

Changelog for curl 7.78.0

See vulnerability summary for the previous release: 7.77.0 or the subsequent release: 7.79.0