curl / Docs / Vulnerability table / 7.79.1 vulnerabilities

Vulnerabilities in curl 7.79.1

curl version 7.79.1 was released on September 22 2021

It has the following 34 published security problems.

Flaw	From version	To and including
HSTS subdomain overwrites parent cache entry	7.74.0	8.10.1
OCSP stapling bypass with GnuTLS	7.41.0	8.9.1
ASN.1 date parser overread	7.32.0	8.9.0
HTTP/2 push headers memory-leak	7.44.0	8.6.0
cookie mixed case PSL bypass	7.46.0	8.4.0
cookie injection with none file	7.9.1	8.3.0
SOCKS5 heap buffer overflow	7.69.0	8.3.0
more POST-after-PUT confusion	7.7	8.0.1
IDN wildcard match	7.12.0	8.0.1
siglongjmp race condition	7.9.8	8.0.1
SSH connection too eager reuse still	7.16.1	7.88.1
GSS delegation too eager connection re-use	7.22.0	7.88.1
FTP too eager connection reuse	7.13.0	7.88.1
SFTP path ~ resolving discrepancy	7.18.0	7.88.1
TELNET option IAC injection	7.7	7.88.1
HTTP multi-header compression denial of service	7.57.0	7.87.0
HSTS amnesia with --parallel	7.77.0	7.87.0
HSTS ignored on multiple requests	7.77.0	7.87.0
HTTP Proxy deny use after free	7.16.0	7.86.0
Another HSTS bypass via IDN	7.77.0	7.86.0
HSTS bypass via IDN	7.77.0	7.85.0
HTTP proxy double free	7.77.0	7.85.0
POST following PUT confusion	7.7	7.85.0
control code in cookie denial of service	4.9	7.84.0
FTP-KRB bad message verification	7.16.4	7.83.1
Non-preserved file permissions	7.69.0	7.83.1
HTTP compression denial of service	7.57.0	7.83.1
Set-Cookie denial of service	7.71.0	7.83.1
TLS and SSH connection too eager reuse	7.16.1	7.83.0
CERTINFO never-ending busy-loop	7.34.0	7.83.0
Auth/cookie leak on redirect	4.9	7.82.0
Bad local IPv6 connection reuse	7.65.0	7.82.0
Credential leak on redirect	4.9	7.82.0
OAUTH2 bearer bypass in connection re-use	7.33.0	7.82.0

Futher details

CVE data for 7.79.1 provided as JSON.