Vulnerabilities in Curl 7.19.3
7407
| Flaw | First affected | Last affected | CVE | CWE |
|---|---|---|---|---|
| printf floating point buffer overflow | 7.1 | 7.51.0 | CVE-2016-9586 | CWE-121: Stack-based Buffer Overflow |
| cookie injection for other servers | 7.1 | 7.50.3 | CVE-2016-8615 | CWE-187: Partial Comparison |
| case insensitive password comparison | 7.7 | 7.50.3 | CVE-2016-8616 | CWE-178: Improper Handling of Case Sensitivity |
| OOB write via unchecked multiplication | 7.1 | 7.50.3 | CVE-2016-8617 | CWE-131: Incorrect Calculation of Buffer Size |
| double-free in curl_maprintf | 7.1 | 7.50.3 | CVE-2016-8618 | CWE-415: Double Free |
| double-free in krb5 code | 7.3 | 7.50.3 | CVE-2016-8619 | CWE-415: Double Free |
| curl_getdate read out of bounds | 7.12.2 | 7.50.3 | CVE-2016-8621 | CWE-126: Buffer Over-read |
| Use-after-free via shared cookies | 7.10.7 | 7.50.3 | CVE-2016-8623 | CWE-416: Use After Free |
| invalid URL parsing with '#' | 7.1 | 7.50.3 | CVE-2016-8624 | CWE-172: Encoding Error |
| IDNA 2003 makes curl use wrong host | 7.12.0 | 7.50.3 | CVE-2016-8625 | CWE-838: Inappropriate Encoding for Output Context |
| curl escape and unescape integer overflows | 7.11.1 | 7.50.2 | CVE-2016-7167 | CWE-131: Incorrect Calculation of Buffer Size |
| TLS session resumption client cert bypass | 7.1 | 7.50.0 | CVE-2016-5419 | CWE-305: Authentication Bypass by Primary Weakness |
| Re-using connections with wrong client cert | 7.1 | 7.50.0 | CVE-2016-5420 | CWE-305: Authentication Bypass by Primary Weakness |
2174
| Flaw | First affected | Last affected | CVE | CWE |
|---|---|---|---|---|
| cookie domain tailmatch | 6.0 | 7.29.0 | CVE-2013-1944 | CWE-201: Information Exposure Through Sent Data |
| SSL CBC IV vulnerability | 7.10.6 | 7.23.1 | CVE-2011-3389 | CWE-924: Improper Enforcement of Message Integrity |
| inappropriate GSSAPI delegation | 7.10.6 | 7.21.6 | CVE-2011-2192 | CWE-281: Improper Preservation of Permissions |
| data callback excessive length | 7.10.5 | 7.19.7 | CVE-2010-0734 | CWE-628: Function Call with Incorrectly Specified Arguments |
| embedded zero in cert name | 7.4 | 7.19.5 | CVE-2009-2417 | CWE-170: Improper Null Termination |
| Arbitrary File Access | 6.0 | 7.19.3 | CVE-2009-0037 | CWE-142: Improper Neutralization of Value Delimiters |
See vulnerability summary for the previous release: 7.19.2 or the subsequent
release: 7.19.4