Vulnerabilities in curl 7.83.0

curl version 7.83.0 was released on April 27 2022. The following 11 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| control code in cookie denial of service | 4.9 | 7.84.0 | CVE-2022-35252 | CWE-1286: Improper Validation of Syntactic Correctness of Input |
| FTP-KRB bad message verification | 7.16.4 | 7.83.1 | CVE-2022-32208 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| Unpreserved file permissions | 7.69.0 | 7.83.1 | CVE-2022-32207 | CWE-281: Improper Preservation of Permissions |
| HTTP compression denial of service | 7.57.0 | 7.83.1 | CVE-2022-32206 | CWE-770: Allocation of Resources Without Limits or Throttling |
| Set-Cookie denial of service | 7.71.0 | 7.83.1 | CVE-2022-32205 | CWE-770: Allocation of Resources Without Limits or Throttling |
| HSTS bypass via trailing dot | 7.82.0 | 7.83.0 | CVE-2022-30115 | CWE-319: Cleartext Transmission of Sensitive Information |
| TLS and SSH connection too eager reuse | 7.16.1 | 7.83.0 | CVE-2022-27782 | CWE-305: Authentication Bypass by Primary Weakness |
| CERTINFO never-ending busy-loop | 7.34.0 | 7.83.0 | CVE-2022-27781 | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
| percent-encoded path separator in URL host | 7.80.0 | 7.83.0 | CVE-2022-27780 | CWE-177: Improper Handling of URL Encoding |
| cookie for trailing dot TLD | 7.82.0 | 7.83.0 | CVE-2022-27779 | CWE-201: Information Exposure Through Sent Data |
| curl removes wrong file on error | 7.83.0 | 7.83.0 | CVE-2022-27778 | CWE-706: Use of Incorrectly-Resolved Name or Reference |

Changelog for curl 7.83.0

See vulnerability summary for the previous release: 7.82.0 or the subsequent release: 7.83.1