Vulnerabilities in curl 7.82.0

curl version 7.82.0 was released on March 5 2022. The following 14 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| control code in cookie denial of service | 4.9 | 7.84.0 | CVE-2022-35252 | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| FTP-KRB bad message verification | 7. | | | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| Unpreserved file permissions | 7. | | | Improper Preservation of Permissions |
| HTTP compression denial of service | 7. | | | Allocation of Resources Without Limits or Throttling |
| Set-Cookie denial of service | 7. | | | Allocation of Resources Without Limits or Throttling |
| HSTS bypass via trailing dot | 7. | | | Cleartext Transmission of Sensitive Information |
| TLS and SSH connection too eager reuse | 7. | | | Authentication Bypass by Primary Weakness |
| CERTINFO never-ending busy-loop | 7. | | | Loop with Unreachable Exit Condition ('Infinite Loop') |
| percent-encoded path separator in URL host | 7. | | | Improper Handling of URL Encoding |
| cookie for trailing dot TLD | 7. | | | Information Exposure Through Sent Data |
| Auth/cookie leak on redirect | 4.9 | 7.82.0 | CVE-2022-27776 | CWE-522: Insufficiently Protected Credentials |
| Bad local IPv6 connection reuse | 7. | | | Exposure of Sensitive Information to an Unauthorized Actor |
| Credential leak on redirect | 4.9 | 7.82.0 | CVE-2022-27774 | CWE-522: Insufficiently Protected Credentials |
| OAUTH2 bearer bypass in connection re-use | 7. | | | Authentication Bypass by Primary Weakness |

Changelog for curl 7.82.0

See vulnerability summary for the previous release: 7.81.0 or the subsequent release: 7.83.0