curl / Docs / Vulnerability table / 8.11.1 vulnerabilities

Vulnerabilities in curl 8.11.1

curl version 8.11.1 was released on December 11 2024

It has the following 23 published security problems.

Flaw	From version	To and including
cross-proxy Digest auth state leak	7.12.0	8.19.0
netrc credential leak with reused proxy connection	7.14.0	8.19.0
stale custom cookie host causes cookie leak	7.71.0	8.19.0
proxy credentials leak over redirect-to proxy	7.14.1	8.19.0
wrong reuse of SMB connection	7.40.0	8.19.0
wrong reuse of HTTP Negotiate connection	7.10.6	8.19.0
connection reuse ignores TLS requirement	7.20.0	8.19.0
wrong proxy connection reuse with credentials	7.7	8.18.0
token leak with redirect and netrc	7.33.0	8.18.0
bad reuse of HTTP Negotiate connection	7.10.6	8.18.0
libssh key passphrase bypass without agent set	7.58.0	8.17.0
libssh global known_hosts override	7.58.0	8.17.0
OpenSSL partial chain store policy bypass	7.87.0	8.17.0
bearer token leak on cross-protocol redirect	7.33.0	8.17.0
broken TLS options for threaded LDAPS	7.17.0	8.17.0
No QUIC certificate pinning with GnuTLS	8.8.0	8.17.0
missing SFTP host verification with wolfSSH	7.69.0	8.16.0
predictable WebSocket mask	8.11.0	8.15.0
No QUIC certificate pinning with wolfSSL	8.5.0	8.13.0
QUIC certificate check skip with wolfSSL	8.8.0	8.13.0
gzip integer overflow	7.10.5	8.11.1
eventfd double close	8.11.1	8.11.1
netrc and default credential leak	7.76.0	8.11.1

Further details

CVE data for 8.11.1 provided as JSON.