curl / Docs / Vulnerability table / 7.84.0 vulnerabilities

Vulnerabilities in curl 7.84.0

curl version 7.84.0 was released on June 27 2022. The following 5 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
.netrc parser out-of-bounds access7.84.07.85.0CVE-2022-35260CWE-121: Stack-based Buffer Overflow
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation
control code in cookie denial of service4.97.84.0CVE-2022-35252CWE-1286: Improper Validation of Syntactic Correctness of Input

Changelog for curl 7.84.0

See vulnerability summary for the previous release: 7.83.1 or the subsequent release: 7.85.0