Vulnerabilities in CURL

47 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-38545 | HIGH | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCK | 78.5% |
| CVE-2023-38039 | HIGH | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Howeve | 62.2% |
| CVE-2019-5436 | HIGH | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | 49.7% |
| CVE-2024-2398 | HIGH | HTTP/2 push headers memory-leak | 36.1% |
| CVE-2024-7264 | MEDIUM | ASN.1 date parser overread | 16.2% |
| CVE-2023-38546 | | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. | 6.2% |
| CVE-2019-5435 | | An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | 4.9% |
| CVE-2024-6197 | HIGH | freeing stack buffer in utf8asn1str | 4.3% |
| CVE-2024-9681 | MEDIUM | HSTS subdomain overwrites parent cache entry | 2.0% |
| CVE-2024-2379 | MEDIUM | QUIC certificate check bypass with wolfSSL | 1.7% |
| CVE-2023-46218 | MEDIUM | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise all | 1.7% |
| CVE-2024-2004 | LOW | Usage of disabled protocol | 1.7% |
| CVE-2017-2629 | MEDIUM | curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate | 1.4% |
| CVE-2024-11053 | LOW | netrc and redirect credential leak | 1.4% |
| CVE-2025-9086 | HIGH | Out of bounds read for cookie path | 1.3% |
| CVE-2024-2466 | MEDIUM | TLS certificate check bypass with mbedTLS | 1.3% |
| CVE-2025-5399 | HIGH | WebSocket endless loop | 1.2% |
| CVE-2025-0725 | HIGH | gzip integer overflow | 1.2% |
| CVE-2025-0665 | HIGH | eventfd double close | 1.2% |
| CVE-2023-46219 | MEDIUM | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file | 1.1% |