curl / Docs / Vulnerability table / 7.88.0 vulnerabilities

Vulnerabilities in curl 7.88.0

curl version 7.88.0 was released on February 15 2023. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
SSH connection too eager reuse still7.16.17.88.1CVE-2023-27538CWE-305: Authentication Bypass by Primary Weakness
HSTS double-free7.88.07.88.1CVE-2023-27537CWE-415: Double Free
GSS delegation too eager connection re-use7.22.07.88.1CVE-2023-27536CWE-305: Authentication Bypass by Primary Weakness
FTP too eager connection reuse7.13.07.88.1CVE-2023-27535CWE-305: Authentication Bypass by Primary Weakness
SFTP path ~ resolving discrepancy7.18.07.88.1CVE-2023-27534CWE-22: Improper Limitation of a Pathname to a Restricted Directory
TELNET option IAC injection7.77.88.1CVE-2023-27533CWE-75: Failure to Sanitize Special Elements into a Different Plane

Changelog for curl 7.88.0

See vulnerability summary for the previous release: 7.87.0 or the subsequent release: 7.88.1