curl / Docs / Vulnerability table / 7.81.0 vulnerabilities

Vulnerabilities in curl 7.81.0

curl version 7.81.0 was released on January 5 2022. The following 15 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via IDN7. Cleartext Transmission of Sensitive Information
HTTP proxy double-free7. Double Free
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification7. Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Unpreserved file permissions7. Improper Preservation of Permissions
HTTP compression denial of service7. Allocation of Resources Without Limits or Throttling
Set-Cookie denial of service7. Allocation of Resources Without Limits or Throttling
TLS and SSH connection too eager reuse7. Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7. Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7. Improper Handling of URL Encoding
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Bad local IPv6 connection reuse7. Exposure of Sensitive Information to an Unauthorized Actor
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
OAUTH2 bearer bypass in connection re-use7. Authentication Bypass by Primary Weakness

Changelog for curl 7.81.0

See vulnerability summary for the previous release: 7.80.0 or the subsequent release: 7.82.0