curl / Docs / Vulnerability table / 8.6.0 vulnerabilities

Vulnerabilities in curl 8.6.0

curl version 8.6.0 was released on January 31 2024

It has the following 5 published security problems.

FlawFrom versionTo and including
freeing stack buffer in utf8asn1str8.
TLS certificate check bypass with mbedTLS8.
HTTP/2 push headers memory-leak7.
QUIC certificate check bypass with wolfSSL8.
Usage of disabled protocol7.

Futher details

CVE data for 8.6.0 provided as JSON.

Changelog for curl 8.6.0

See vulnerability summary for the previous release: 8.5.0 or the subsequent release: 8.7.0