Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.83.0 vulnerabilities

Vulnerabilities in curl 7.83.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.83.0 was released on April 27 2022. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via trailing dot7.82.07.83.0CVE-2022-30115CWE-319: Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse7.16.17.83.0CVE-2022-27782CWE-305: Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7.34.07.83.0CVE-2022-27781CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7.80.07.83.0CVE-2022-27780CWE-177: Improper Handling of URL Encoding
cookie for trailing dot TLD7.82.07.83.0CVE-2022-27779CWE-201: Information Exposure Through Sent Data
curl removes wrong file on error7.83.07.83.0CVE-2022-27778CWE-706: Use of Incorrectly-Resolved Name or Reference

Changelog for curl 7.83.0

See vulnerability summary for the previous release: 7.82.0 or the subsequent release: 7.83.1