Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.83.0 vulnerabilities

Vulnerabilities in curl 7.83.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.83.0 was released on April 27 2022. The following 16 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP Proxy deny use-after-free7.16.07.86.0CVE-2022-43552CWE-416: Use After Free
Another HSTS bypass via IDN7.77.07.86.0CVE-2022-43551CWE-319: Cleartext Transmission of Sensitive Information
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification7.16.47.83.1CVE-2022-32208CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Unpreserved file permissions7.69.07.83.1CVE-2022-32207CWE-281: Improper Preservation of Permissions
HTTP compression denial of service7.57.07.83.1CVE-2022-32206CWE-770: Allocation of Resources Without Limits or Throttling
Set-Cookie denial of service7.71.07.83.1CVE-2022-32205CWE-770: Allocation of Resources Without Limits or Throttling
HSTS bypass via trailing dot7.82.07.83.0CVE-2022-30115CWE-319: Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse7.16.17.83.0CVE-2022-27782CWE-305: Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7.34.07.83.0CVE-2022-27781CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7.80.07.83.0CVE-2022-27780CWE-177: Improper Handling of URL Encoding
cookie for trailing dot TLD7.82.07.83.0CVE-2022-27779CWE-201: Information Exposure Through Sent Data
curl removes wrong file on error7.83.07.83.0CVE-2022-27778CWE-706: Use of Incorrectly-Resolved Name or Reference

Changelog for curl 7.83.0

See vulnerability summary for the previous release: 7.82.0 or the subsequent release: 7.83.1