curl / Docs / Vulnerability table / 7.83.0 vulnerabilities

Vulnerabilities in curl 7.83.0

curl version 7.83.0 was released on April 27 2022. The following 11 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
control code in cookie denial of service	4.9	7.84.0	CVE-2022-35252	CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification	7.16.4	7.83.1	CVE-2022-32208	CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Unpreserved file permissions	7.69.0	7.83.1	CVE-2022-32207	CWE-281: Improper Preservation of Permissions
HTTP compression denial of service	7.57.0	7.83.1	CVE-2022-32206	CWE-770: Allocation of Resources Without Limits or Throttling
Set-Cookie denial of service	7.71.0	7.83.1	CVE-2022-32205	CWE-770: Allocation of Resources Without Limits or Throttling
HSTS bypass via trailing dot	7.82.0	7.83.0	CVE-2022-30115	CWE-319: Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse	7.16.1	7.83.0	CVE-2022-27782	CWE-305: Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop	7.34.0	7.83.0	CVE-2022-27781	CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host	7.80.0	7.83.0	CVE-2022-27780	CWE-177: Improper Handling of URL Encoding
cookie for trailing dot TLD	7.82.0	7.83.0	CVE-2022-27779	CWE-201: Information Exposure Through Sent Data
curl removes wrong file on error	7.83.0	7.83.0	CVE-2022-27778	CWE-706: Use of Incorrectly-Resolved Name or Reference