curl / Docs / Vulnerability table / 7.83.0 vulnerabilities

Vulnerabilities in curl 7.83.0

curl version 7.83.0 was released on April 27 2022. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via trailing dot7.82.07.83.0CVE-2022-30115CWE-319: Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse7.16.17.83.0CVE-2022-27782CWE-305: Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7.34.07.83.0CVE-2022-27781CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7.80.07.83.0CVE-2022-27780CWE-177: Improper Handling of URL Encoding
cookie for trailing dot TLD7.82.07.83.0CVE-2022-27779CWE-201: Information Exposure Through Sent Data
curl removes wrong file on error7.83.07.83.0CVE-2022-27778CWE-706: Use of Incorrectly-Resolved Name or Reference

Changelog for curl 7.83.0

See vulnerability summary for the previous release: 7.82.0 or the subsequent release: 7.83.1