curl / Docs / Vulnerability table / 7.82.0 vulnerabilities

Vulnerabilities in curl 7.82.0

curl version 7.82.0 was released on March 5 2022. The following 9 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via trailing dot7. Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse7. Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7. Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7. Improper Handling of URL Encoding
cookie for trailing dot TLD7. Information Exposure Through Sent Data
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Bad local IPv6 connection reuse7. Exposure of Sensitive Information to an Unauthorized Actor
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
OAUTH2 bearer bypass in connection re-use7. Authentication Bypass by Primary Weakness

Changelog for curl 7.82.0

See vulnerability summary for the previous release: 7.81.0 or the subsequent release: 7.83.0