curl / Docs / Vulnerability table / 7.87.0 vulnerabilities

Vulnerabilities in curl 7.87.0

curl version 7.87.0 was released on December 21 2022

It has the following 27 published security problems.

Flaw	From version	To and including
missing SFTP host verification with wolfSSH	7.69.0	8.16.0
Out of bounds read for cookie path	7.31.0	8.15.0
gzip integer overflow	7.10.5	8.11.1
netrc and default credential leak	7.76.0	8.11.1
netrc and redirect credential leak	7.76.0	8.11.0
HSTS subdomain overwrites parent cache entry	7.74.0	8.10.1
OCSP stapling bypass with GnuTLS	7.41.0	8.9.1
ASN.1 date parser overread	7.32.0	8.9.0
HTTP/2 push headers memory-leak	7.44.0	8.6.0
Usage of disabled protocol	7.85.0	8.6.0
HSTS long filename clears contents	7.84.0	8.4.0
cookie mixed case PSL bypass	7.46.0	8.4.0
cookie injection with none file	7.9.1	8.3.0
SOCKS5 heap buffer overflow	7.69.0	8.3.0
HTTP headers eat all memory	7.84.0	8.2.1
more POST-after-PUT confusion	7.7	8.0.1
IDN wildcard match	7.12.0	8.0.1
siglongjmp race condition	7.9.8	8.0.1
UAF in SSH sha256 fingerprint check	7.81.0	8.0.1
SSH connection too eager reuse still	7.16.1	7.88.1
GSS delegation too eager connection reuse	7.22.0	7.88.1
FTP too eager connection reuse	7.13.0	7.88.1
SFTP path ~ resolving discrepancy	7.18.0	7.88.1
TELNET option IAC injection	7.7	7.88.1
HTTP multi-header compression denial of service	7.57.0	7.87.0
HSTS amnesia with --parallel	7.77.0	7.87.0
HSTS ignored on multiple requests	7.77.0	7.87.0

Further details

CVE data for 7.87.0 provided as JSON.