libcurl vulnerabilities

Known vulnerabilities in the libcurl package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Improper Certificate Validation	[8.8.0,8.15.0)
M Improper Certificate Validation	[8.5.0,8.15.0)
M Credential Exposure	[7.76.0,8.12.1)
H Multiple Releases of Same Resource or Handle	[8.11.1,8.12.1)
H Integer Overflow to Buffer Overflow	[7.76.0,8.12.1)
M Information Exposure	[7.76.0,8.11.1)
M Comparison Using Wrong Factors	[7.76.0,8.11.1)
M Improper Certificate Validation	[7.76.0,8.10.0)
M Out-of-bounds Read	[7.76.0,8.9.1)
H Out-of-bounds Read	[,8.9.1)
M Free of Memory not on the Heap	[8.6.0,8.9.1)
M Improper Certificate Validation	[8.5.0,8.8.0)
L Improper Certificate Validation	[8.6.0,8.8.0)
L Authentication Bypass by Spoofing	[7.85.0,8.8.0)
M Uncontrolled Resource Consumption ('Resource Exhaustion')	[7.76.0,8.8.0)
L Improper Check for Certificate Revocation	[8.5.0,8.6.0)
M Information Exposure	[7.76.0,8.5.0)
M Missing Encryption of Sensitive Data	[7.84.0,8.5.0)
L External Control of File Name or Path	[7.76.0,8.4.0)
H Heap-based Buffer Overflow	[7.76.0,8.4.0)
M Allocation of Resources Without Limits or Throttling	[7.84.0,8.4.0)
M Time-of-check Time-of-use (TOCTOU) Race Condition	[,8.2.0)
L Improper Synchronization	[7.76.0,8.1.1)
M Improper Certificate Validation	[7.76.0,8.1.1)
M Expected Behavior Violation	[7.76.0,8.1.1)
M Use After Free	[7.82.0,8.1.1)
M Double Free	[,8.0.0)
M Authentication Bypass by Primary Weakness	[,8.0.0)
M Authentication Bypass	[,8.0.0)
M Directory Traversal	[,8.0.0)
M Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)	[7.76.0,8.0.0)
M Allocation of Resources Without Limits or Throttling	[7.76.0,7.88.1)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.88.1)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.88.1)
H Use After Free	[0,)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.87.0)
L Stack-based Buffer Overflow	[7.84.0,7.86.0)
M Cleartext Transmission of Sensitive Information	[7.77.0,7.86.0)
M Double Free	[7.77.0,7.86.0)
M Expected Behavior Violation	[7.76.0,7.86.0)
L Improper Validation of Syntactic Correctness of Input	[,7.85.0)
M Improper Preservation of Permissions	[,7.84.0)
M Denial of Service (DoS)	[,7.84.0)
M Improper Enforcement of Message Integrity During Transmission in a Communication Channel	[,7.84.0)
M Denial of Service (DoS)	[,7.84.0)
M Improper Authentication	[7.76.0,7.83.1)
M Cleartext Transmission of Sensitive Information	[7.82.0,7.83.1)
M Infinite loop	[7.76.0,7.83.1)
M Inappropriate Encoding for Output Context	[7.80.0,7.83.1)
M Information Exposure	[,7.83.1)
L Information Exposure	[,7.83.1)
M Improper Authentication	[,7.83.1)
M Insufficiently Protected Credentials	[,7.83.1)
M Open Redirect	[,7.83.1)
M Improper Validation	[7.76.0,7.78.0)
H Resources Downloaded over Insecure Protocol	[7.76.0,7.79.1)
M Insufficiently Protected Credentials	[7.76.0,7.78.0)
M Use of Uninitialized Resource	[7.76.0,7.78.0)
C Double Free	[7.76.0,7.79.1)
H Improper Certificate Validation	[7.76.0,7.78.0)
H Use After Free	[7.76.0,7.77.0)
M Information Exposure	[7.76.0,7.77.0)
M Insufficient Verification of Data Authenticity	[7.76.0,7.79.1)
L Missing Initialization of Resource	[7.76.0,7.77.0)
L Race Condition	[7.76.0,7.77.0)

Vulnerability

Vulnerable Version

Improper Certificate Validation

[8.8.0,8.15.0)

Improper Certificate Validation

[8.5.0,8.15.0)

Credential Exposure

[7.76.0,8.12.1)

Multiple Releases of Same Resource or Handle

[8.11.1,8.12.1)

Integer Overflow to Buffer Overflow

[7.76.0,8.12.1)