curl / Docs / Vulnerability table / 7.86.0 vulnerabilities

Vulnerabilities in curl 7.86.0

curl version 7.86.0 was released on October 26 2022. The following 10 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
SSH connection too eager reuse still	7.16.1	7.88.1	CVE-2023-27538	CWE-305: Authentication Bypass by Primary Weakness
GSS delegation too eager connection re-use	7.22.0	7.88.1	CVE-2023-27536	CWE-305: Authentication Bypass by Primary Weakness
FTP too eager connection reuse	7.13.0	7.88.1	CVE-2023-27535	CWE-305: Authentication Bypass by Primary Weakness
SFTP path ~ resolving discrepancy	7.18.0	7.88.1	CVE-2023-27534	CWE-22: Improper Limitation of a Pathname to a Restricted Directory
TELNET option IAC injection	7.7	7.88.1	CVE-2023-27533	CWE-75: Failure to Sanitize Special Elements into a Different Plane
HTTP multi-header compression denial of service	7.57.0	7.87.0	CVE-2023-23916	CWE-770: Allocation of Resources Without Limits or Throttling
HSTS amnesia with --parallel	7.77.0	7.87.0	CVE-2023-23915	CWE-319: Cleartext Transmission of Sensitive Information
HSTS ignored on multiple requests	7.77.0	7.87.0	CVE-2023-23914	CWE-319: Cleartext Transmission of Sensitive Information
HTTP Proxy deny use-after-free	7.16.0	7.86.0	CVE-2022-43552	CWE-416: Use After Free
Another HSTS bypass via IDN	7.77.0	7.86.0	CVE-2022-43551	CWE-319: Cleartext Transmission of Sensitive Information