Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs TODO Web Site Info
Protocols
HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs CA Extract SSL libs compared URL syntax
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.78.0 vulnerabilities

Vulnerabilities in curl 7.78.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.78.0 was released on July 21 2021. The following 3 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
STARTTLS protocol injection via MITM7.20.07.78.0CVE-2021-22947CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
Protocol downgrade required TLS bypassed7.20.07.78.0CVE-2021-22946CWE-325: Missing Cryptographic Step
UAF and double-free in MQTT sending7.73.07.78.0CVE-2021-22945CWE-415: Double Free

Changelog for curl 7.78.0

See vulnerability summary for the previous release: 7.77.0 or the subsequent release: 7.79.0