libcurl vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the libcurl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Generation of Predictable Numbers or Identifiers	[,8.16.0)
M Out-of-bounds Read	[7.76.0,8.16.0)
M Improper Certificate Validation	[8.8.0,8.15.0)
M Improper Certificate Validation	[8.5.0,8.15.0)
M Credential Exposure	[7.76.0,8.12.1)
H Multiple Releases of Same Resource or Handle	[8.11.1,8.12.1)
H Integer Overflow to Buffer Overflow	[7.76.0,8.12.1)
M Information Exposure	[7.76.0,8.11.1)
M Comparison Using Wrong Factors	[7.76.0,8.11.1)
M Improper Certificate Validation	[7.76.0,8.10.0)
M Out-of-bounds Read	[7.76.0,8.9.1)
H Out-of-bounds Read	[,8.9.1)
M Free of Memory not on the Heap	[8.6.0,8.9.1)
M Improper Certificate Validation	[8.5.0,8.8.0)
L Improper Certificate Validation	[8.6.0,8.8.0)
L Authentication Bypass by Spoofing	[7.85.0,8.8.0)
M Uncontrolled Resource Consumption ('Resource Exhaustion')	[7.76.0,8.8.0)
L Improper Check for Certificate Revocation	[8.5.0,8.6.0)
M Information Exposure	[7.76.0,8.5.0)
M Missing Encryption of Sensitive Data	[7.84.0,8.5.0)
L External Control of File Name or Path	[7.76.0,8.4.0)
H Heap-based Buffer Overflow	[7.76.0,8.4.0)
M Allocation of Resources Without Limits or Throttling	[7.84.0,8.4.0)
M Time-of-check Time-of-use (TOCTOU) Race Condition	[,8.2.0)
L Improper Synchronization	[7.76.0,8.1.1)
M Improper Certificate Validation	[7.76.0,8.1.1)
M Expected Behavior Violation	[7.76.0,8.1.1)
M Use After Free	[7.82.0,8.1.1)
M Double Free	[,8.0.0)
M Authentication Bypass by Primary Weakness	[,8.0.0)
M Authentication Bypass	[,8.0.0)
M Directory Traversal	[,8.0.0)
M Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)	[7.76.0,8.0.0)
M Allocation of Resources Without Limits or Throttling	[7.76.0,7.88.1)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.88.1)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.88.1)
H Use After Free	[0,)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.87.0)
L Stack-based Buffer Overflow	[7.84.0,7.86.0)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.86.0)
M Double Free	[7.77.0,7.86.0)
M Expected Behavior Violation	[7.76.0,7.86.0)
L Improper Validation of Syntactic Correctness of Input	[,7.85.0)
M Improper Preservation of Permissions	[,7.84.0)
M Denial of Service (DoS)	[,7.84.0)
M Improper Enforcement of Message Integrity During Transmission in a Communication Channel	[,7.84.0)
M Denial of Service (DoS)	[,7.84.0)
M Improper Authentication	[7.76.0,7.83.1)
M Cleartext Transmission of Sensitive Information	[7.82.0,7.83.1)
M Infinite loop	[7.76.0,7.83.1)
M Inappropriate Encoding for Output Context	[7.80.0,7.83.1)
M Information Exposure	[,7.83.1)
L Information Exposure	[,7.83.1)
M Improper Authentication	[,7.83.1)
M Insufficiently Protected Credentials	[,7.83.1)
M Open Redirect	[,7.83.1)
M Improper Validation	[7.76.0,7.78.0)
H Resources Downloaded over Insecure Protocol	[7.76.0,7.79.1)
M Insufficiently Protected Credentials	[7.76.0,7.78.0)
M Use of Uninitialized Resource	[7.76.0,7.78.0)
C Double Free	[7.76.0,7.79.1)
H Improper Certificate Validation	[7.76.0,7.78.0)
H Use After Free	[7.76.0,7.77.0)
M Information Exposure	[7.76.0,7.77.0)
M Insufficient Verification of Data Authenticity	[7.76.0,7.79.1)
L Missing Initialization of Resource	[7.76.0,7.77.0)
L Race Condition	[7.76.0,7.77.0)

Vulnerability

Vulnerable Version

Generation of Predictable Numbers or Identifiers

[,8.16.0)