curl / Docs / Vulnerability table / 7.85.0 vulnerabilities

Vulnerabilities in curl 7.85.0

curl version 7.85.0 was released on August 31 2022. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP Proxy deny use-after-free7.16.07.86.0CVE-2022-43552CWE-416: Use After Free
Another HSTS bypass via IDN7.77.07.86.0CVE-2022-43551CWE-319: Cleartext Transmission of Sensitive Information
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
.netrc parser out-of-bounds access7.84.07.85.0CVE-2022-35260CWE-121: Stack-based Buffer Overflow
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation

Changelog for curl 7.85.0

See vulnerability summary for the previous release: 7.84.0 or the subsequent release: 7.86.0