curl / Docs / Vulnerability table / 7.81.0 vulnerabilities

Vulnerabilities in curl 7.81.0

curl version 7.81.0 was released on January 5 2022. The following 15 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification7.16.47.83.1CVE-2022-32208CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Unpreserved file permissions7.69.07.83.1CVE-2022-32207CWE-281: Improper Preservation of Permissions
HTTP compression denial of service7.57.07.83.1CVE-2022-32206CWE-770: Allocation of Resources Without Limits or Throttling
Set-Cookie denial of service7.71.07.83.1CVE-2022-32205CWE-770: Allocation of Resources Without Limits or Throttling
TLS and SSH connection too eager reuse7.16.17.83.0CVE-2022-27782CWE-305: Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7.34.07.83.0CVE-2022-27781CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7.80.07.83.0CVE-2022-27780CWE-177: Improper Handling of URL Encoding
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Bad local IPv6 connection reuse7.65.07.82.0CVE-2022-27775CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
OAUTH2 bearer bypass in connection re-use7.33.07.82.0CVE-2022-22576CWE-305: Authentication Bypass by Primary Weakness

Changelog for curl 7.81.0

See vulnerability summary for the previous release: 7.80.0 or the subsequent release: 7.82.0