Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog curl CVEs Release Table Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial When options were added
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 8.6.0 vulnerabilities

Vulnerabilities in curl 8.6.0

Related:
Audits
Bug Bounty
Changelog
curl CVEs
Vulnerability Disclosure
Vulnerabilities Table

curl version 8.6.0 was released on January 31 2024. The following 4 security problems are known to exist in this version.

FlawFrom versionTo and including
TLS certificate check bypass with mbedTLS8.5.08.6.0
HTTP/2 push headers memory-leak7.44.08.6.0
QUIC certificate check bypass with wolfSSL8.6.08.6.0
Usage of disabled protocol7.85.08.6.0

CVE data for 8.6.0 provided as JSON.

Changelog for curl 8.6.0

See vulnerability summary for the previous release: 8.5.0 or the subsequent release: 8.7.0