curl / Docs / Vulnerability table / 7.9.4 vulnerabilities

Vulnerabilities in curl 7.9.4

curl version 7.9.4 was released on March 4 2002. The following 33 security problems are known to exist in this version.

Flaw	From version	To and including
cookie injection with none file	7.9.1	8.3.0
more POST-after-PUT confusion	7.7	8.0.1
TELNET option IAC injection	7.7	7.88.1
POST following PUT confusion	7.7	7.85.0
control code in cookie denial of service	4.9	7.84.0
Auth/cookie leak on redirect	4.9	7.82.0
Credential leak on redirect	4.9	7.82.0
TELNET stack contents disclosure again	7.7	7.77.0
TELNET stack contents disclosure	7.7	7.76.1
Automatic referer leaks credentials	7.1.1	7.75.0
trusting FTP PASV responses	4.0	7.73.0
HTTP authentication leak in redirects	6.0	7.57.0
FTP PWD response parser out of bounds read	7.7	7.55.1
--write-out out of buffer read	6.5	7.53.1
printf floating point buffer overflow	5.4	7.51.0
cookie injection for other servers	4.9	7.50.3
case insensitive password comparison	7.7	7.50.3
OOB write via unchecked multiplication	7.8.1	7.50.3
double free in curl_maprintf	5.4	7.50.3
double free in krb5 code	7.3	7.50.3
invalid URL parsing with '#'	6.0	7.50.3
TLS session resumption client cert bypass	5.0	7.50.0
Re-using connections with wrong client cert	7.7	7.50.0
remote file name path traversal in curl tool for Windows	4.0	7.46.0
sensitive HTTP server headers also sent to proxies	4.0	7.42.0
URL request injection	6.0	7.39.0
cookie leak with IP address as domain	4.0	7.37.1
URL decode buffer boundary flaw	7.7	7.30.0
cookie domain tailmatch	4.7	7.29.0
embedded zero in cert name	7.4	7.19.5
Arbitrary File Access	5.11	7.19.3
Authentication Buffer Overflows	7.3	7.13.0
Proxy Authentication Header Information Leakage	4.5	7.10.6

CVE data for 7.9.4 provided as JSON.