curl / Docs / Vulnerability table / 7.83.1 vulnerabilities

Vulnerabilities in curl 7.83.1

curl version 7.83.1 was released on May 11 2022. The following 10 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP Proxy deny use-after-free7.16.07.86.0CVE-2022-43552CWE-416: Use After Free
Another HSTS bypass via IDN7.77.07.86.0CVE-2022-43551CWE-319: Cleartext Transmission of Sensitive Information
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input
FTP-KRB bad message verification7.16.47.83.1CVE-2022-32208CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Unpreserved file permissions7.69.07.83.1CVE-2022-32207CWE-281: Improper Preservation of Permissions
HTTP compression denial of service7.57.07.83.1CVE-2022-32206CWE-770: Allocation of Resources Without Limits or Throttling
Set-Cookie denial of service7.71.07.83.1CVE-2022-32205CWE-770: Allocation of Resources Without Limits or Throttling

Changelog for curl 7.83.1

See vulnerability summary for the previous release: 7.83.0 or the subsequent release: 7.84.0