
Vulnerabilities in curl 7.86.0

curl version 7.86.0 was released on October 26 2022. The following 10 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| SSH connection too eager reuse still | 7.16.1 | 7.88.1 | CVE-2023-27538 | CWE-305: Authentication Bypass by Primary Weakness |
| GSS delegation too eager connection re-use | 7.22.0 | 7.88.1 | CVE-2023-27536 | CWE-305: Authentication Bypass by Primary Weakness |
| FTP too eager connection reuse | 7.13.0 | 7.88.1 | CVE-2023-27535 | CWE-305: Authentication Bypass by Primary Weakness |
| SFTP path ~ resolving discrepancy | 7.18.0 | 7.88.1 | CVE-2023-27534 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory |
| TELNET option IAC injection | 7.7 | 7.88.1 | CVE-2023-27533 | CWE-75: Failure to Sanitize Special Elements into a Different Plane |
| HTTP multi-header compression denial of service | 7.57.0 | 7.87.0 | CVE-2023-23916 | CWE-770: Allocation of Resources Without Limits or Throttling |
| HSTS amnesia with --parallel | 7.77.0 | 7.87.0 | CVE-2023-23915 | CWE-319: Cleartext Transmission of Sensitive Information |
| HSTS ignored on multiple requests | 7.77.0 | 7.87.0 | CVE-2023-23914 | CWE-319: Cleartext Transmission of Sensitive Information |
| HTTP Proxy deny use-after-free | 7.16.0 | 7.86.0 | CVE-2022-43552 | CWE-416: Use After Free |
| Another HSTS bypass via IDN | 7.77.0 | 7.86.0 | CVE-2022-43551 | CWE-319: Cleartext Transmission of Sensitive Information |

Changelog for curl 7.86.0

See vulnerability summary for the previous release: 7.85.0 or the subsequent release: 7.87.0