curl / Docs / Vulnerability table / 7.85.0 vulnerabilities

Vulnerabilities in curl 7.85.0

curl version 7.85.0 was released on August 31 2022

It has the following 25 published security problems.

FlawFrom versionTo and including
HTTP/2 push headers memory-leak7.
Usage of disabled protocol7.
HSTS long filename clears contents7.
cookie mixed case PSL bypass7.
cookie injection with none file7.
SOCKS5 heap buffer overflow7.
HTTP headers eat all memory7.
more POST-after-PUT confusion7.78.0.1
IDN wildcard match7.
siglongjmp race condition7.
UAF in SSH sha256 fingerprint check7.
SSH connection too eager reuse still7.
GSS delegation too eager connection re-use7.
FTP too eager connection reuse7.
SFTP path ~ resolving discrepancy7.
TELNET option IAC injection7.77.88.1
HTTP multi-header compression denial of service7.
HSTS amnesia with --parallel7.
HSTS ignored on multiple requests7.
HTTP Proxy deny use after free7.
Another HSTS bypass via IDN7.
HSTS bypass via IDN7.
HTTP proxy double free7.
.netrc parser out-of-bounds access7.
POST following PUT confusion7.77.85.0

Futher details

CVE data for 7.85.0 provided as JSON.

Changelog for curl 7.85.0

See vulnerability summary for the previous release: 7.84.0 or the subsequent release: 7.86.0