Haxx Curl 7.86.0

CPE Details

Haxx Curl 7.86.0
7.86.0
2022-10-31
11h26 +00:00
2022-10-31
11h27 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:haxx:curl:7.86.0:*:*:*:*:*:*:*

Informations

Vendor

haxx

Product

curl

Version

7.86.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-9681 2024-11-06 07h47 +00:00 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.
6.5
Medium
CVE-2023-46219 2023-12-12 01h38 +00:00 When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
5.3
Medium
CVE-2023-46218 2023-12-07 01h10 +00:00 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
6.5
Medium
CVE-2023-38039 2023-09-15 03h21 +00:00 When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
7.5
High
CVE-2023-28319 2023-05-25 22h00 +00:00 A use after free vulnerability exists in curl
7.5
High
CVE-2023-28320 2023-05-25 22h00 +00:00 A denial of service vulnerability exists in curl
5.9
Medium
CVE-2023-28321 2023-05-25 22h00 +00:00 An improper certificate validation vulnerability exists in curl
5.9
Medium
CVE-2023-28322 2023-05-25 22h00 +00:00 An information disclosure vulnerability exists in curl
3.7
Low
CVE-2023-27533 2023-03-29 22h00 +00:00 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
8.8
High
CVE-2023-27534 2023-03-29 22h00 +00:00 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
8.8
High
CVE-2023-23914 2023-02-23 00h00 +00:00 A cleartext transmission of sensitive information vulnerability exists in curl
9.1
Critical
CVE-2023-23916 2023-02-23 00h00 +00:00 An allocation of resources without limits or throttling vulnerability exists in curl
6.5
Medium
CVE-2023-23915 2023-02-22 23h00 +00:00 A cleartext transmission of sensitive information vulnerability exists in curl
6.5
Medium
CVE-2022-43552 2023-02-08 23h00 +00:00 A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
5.9
Medium
CVE-2022-43551 2022-12-23 00h00 +00:00 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
7.5
High