Vulnerabilities in curl 7.78.0

curl version 7.78.0 was released on July 21 2021. The following 9 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| TLS and SSH connection too eager reuse | 7. | | | Authentication Bypass by Primary Weakness |
| CERTINFO never-ending busy-loop | 7. | | | Loop with Unreachable Exit Condition ('Infinite Loop') |
| Auth/cookie leak on redirect | 4.9 | 7.82.0 | CVE-2022-27776 | CWE-522: Insufficiently Protected Credentials |
| Bad local IPv6 connection reuse | 7. | | | Exposure of Sensitive Information to an Unauthorized Actor |
| Credential leak on redirect | 4.9 | 7.82.0 | CVE-2022-27774 | CWE-522: Insufficiently Protected Credentials |
| OAUTH2 bearer bypass in connection re-use | 7. | | | Authentication Bypass by Primary Weakness |
| STARTTLS protocol injection via MITM | 7. | | | Acceptance of Extraneous Untrusted Data With Trusted Data |
| Protocol downgrade required TLS bypassed | 7. | | | Missing Cryptographic Step |
| UAF and double-free in MQTT sending | 7. | | | Double Free |

Changelog for curl 7.78.0

See vulnerability summary for the previous release: 7.77.0 or the subsequent release: 7.79.0