curl / Docs / Vulnerability table / 7.9.1 vulnerabilities

Vulnerabilities in curl 7.9.1

curl version 7.9.1 was released on November 4 2001

It has the following 35 published security problems.

SFlawFirstLast
LCVE-2026-8932: incomplete mTLS config matching in conn reuse7.78.20.0
LCVE-2026-3784: wrong proxy connection reuse with credentials7.78.18.0
LCVE-2023-38546: cookie injection with none file7.9.18.3.0
LCVE-2023-28322: more POST-after-PUT confusion7.78.0.1
LCVE-2023-27533: TELNET option IAC injection7.77.88.1
MCVE-2022-32221: POST following PUT confusion7.77.85.0
LCVE-2022-35252: control code in cookie denial of service4.97.84.0
LCVE-2022-27776: Auth/cookie leak on redirect4.97.82.0
MCVE-2022-27774: Credential leak on redirect4.97.82.0
MCVE-2021-22925: TELNET stack contents disclosure again7.77.77.0
MCVE-2021-22898: TELNET stack contents disclosure7.77.76.1
LCVE-2021-22876: Automatic referer leaks credentials7.1.17.75.0
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
LCVE-2018-1000007: HTTP authentication leak in redirects6.07.57.0
MCVE-2017-1000254: FTP PWD response parser out of bounds read7.77.55.1
MCVE-2017-7407: --write-out out of buffer read6.57.53.1
MCVE-2016-9586: printf floating point buffer overflow5.47.51.0
HCVE-2016-8615: cookie injection for other servers4.97.50.3
MCVE-2016-8616: case insensitive password comparison7.77.50.3
MCVE-2016-8617: OOB write via unchecked multiplication7.8.17.50.3
MCVE-2016-8618: double free in curl_maprintf5.47.50.3
HCVE-2016-8619: double free in krb5 code7.37.50.3
MCVE-2016-8624: invalid URL parsing with '#'6.07.50.3
HCVE-2016-5419: TLS session resumption client cert bypass5.07.50.0
MCVE-2016-5420: Reusing connections with wrong client cert7.77.50.0
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
HCVE-2014-8150: URL request injection6.07.39.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1
HCVE-2013-2174: URL decode buffer boundary flaw7.77.30.0
HCVE-2013-1944: cookie domain tailmatch4.77.29.0
HCVE-2009-2417: embedded zero in cert name7.47.19.5
MCVE-2009-0037: Arbitrary File Access5.117.19.3
HCVE-2005-0490: Authentication Buffer Overflows7.37.13.0
HCVE-2003-1605: Proxy Authentication Header Information Leakage4.57.10.6

Further details

CVE data for 7.9.1 provided as JSON.

Changelog for curl 7.9.1

See vulnerability summary for the previous release: 7.9 or the subsequent release: 7.9.2