Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 7.85.0 vulnerabilities

Vulnerabilities in curl 7.85.0

Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

curl version 7.85.0 was released on August 31 2022. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP Proxy deny use-after-free7.16.07.86.0CVE-2022-43552CWE-416: Use After Free
Another HSTS bypass via IDN7.77.07.86.0CVE-2022-43551CWE-319: Cleartext Transmission of Sensitive Information
HSTS bypass via IDN7.77.07.85.0CVE-2022-42916CWE-319: Cleartext Transmission of Sensitive Information
HTTP proxy double-free7.77.07.85.0CVE-2022-42915CWE-415: Double Free
.netrc parser out-of-bounds access7.84.07.85.0CVE-2022-35260CWE-121: Stack-based Buffer Overflow
POST following PUT confusion7.77.85.0CVE-2022-32221CWE-440: Expected Behavior Violation

Changelog for curl 7.85.0

See vulnerability summary for the previous release: 7.84.0 or the subsequent release: 7.86.0