curl vulnerabilities

Known vulnerabilities in the curl package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-10148	*
L CVE-2025-9086	*
L CVE-2024-8096	<8.10.0-1
L CVE-2024-11053	<8.11.1-1
M Improper Authentication	<7.88.1-7
M Improper Certificate Validation	<7.88.1-10
H CVE-2022-27775	<7.83.0-1
H Cleartext Transmission of Sensitive Information	<7.86.0-3
H Directory Traversal	<7.88.1-7
L CVE-2025-0167	<8.12.0+git20250209.89ed161+ds-1
L Insufficiently Protected Credentials	<7.79.1-1
L Missing Initialization of Resource	<7.79.1-1
L Improper Validation of Integrity Check Value	<7.79.1-1
L Integer Overflow or Wraparound	<7.64.0-4
C Double Free	<7.66.0-1
C Out-of-bounds Write	<8.3.0-3
H Allocation of Resources Without Limits or Throttling	<8.3.0-1
H Arbitrary Code Injection	<7.88.1-7
M Improper Authentication	<7.88.1-7
C Integer Overflow or Wraparound	<7.62.0-1
M Allocation of Resources Without Limits or Throttling	<7.84.0-1
H Out-of-bounds Read	<7.64.0-1
M Out-of-bounds Write	<7.86.0-1
L CVE-2022-35252	<7.85.0-1
H Improper Certificate Validation	<7.52.1-5
H Cleartext Transmission of Sensitive Information	<7.86.0-1
M Out-of-bounds Write	<7.84.0-1
L Improper Certificate Validation	<8.14.0-1
C Out-of-bounds Read	<7.57.0-1
M Improper Input Validation	<7.43.0-1
H Out-of-bounds Write	<7.74.0-1
M Insufficiently Protected Credentials	<7.83.0-1
L Improper Certificate Validation	<8.7.1-1
M Access Restriction Bypass	<7.42.0-1
M Information Exposure	<7.43.0-1
L Loop with Unreachable Exit Condition ('Infinite Loop')	<8.14.1-1
M Insufficient Verification of Data Authenticity	<7.79.1-1
M Improper Authentication	<7.35.0-1
L CVE-2024-2004	<8.7.1-1
M Out-of-bounds Read	<8.9.1-1
M Insufficient Comparison	<8.11.0-1
L Missing Release of Resource after Effective Lifetime	<8.7.1-1
L Buffer Overflow	<8.12.0+git20250209.89ed161+ds-1
L CVE-2023-38546	<8.3.0-3
H CVE-2006-1061	<7.15.3-1
L CVE-2024-2466	<8.7.1-1
C Out-of-bounds Read	<7.60.0-1
M Improper Certificate Validation	<8.6.0-1
C Out-of-Bounds	<7.57.0-1
H Use After Free	<7.88.1-10
C Cleartext Transmission of Sensitive Information	<7.88.1-1
M Improper Authentication	<7.88.1-7
M Out-of-Bounds	<7.15.0-1
H Use of Incorrectly-Resolved Name or Reference	<7.83.1-1
C Incorrect Default Permissions	<7.84.0-1
M Allocation of Resources Without Limits or Throttling	<7.88.1-1
M Insufficiently Protected Credentials	<7.83.0-1
H Cleartext Transmission of Sensitive Information	<7.79.1-1
H Server-Side Request Forgery (SSRF)	<7.83.1-1
H Improper Certificate Validation	<7.83.1-1
C Double Free	<7.79.1-1
L CVE-2020-8284	<7.74.0-1
H Information Exposure	<7.72.0-1
L Out-of-Bounds	<7.52.1-4
L Use of Incorrectly-Resolved Name or Reference	<7.79.1-1
L Integer Overflow or Wraparound	<7.66.0-1
C Out-of-bounds Read	<7.62.0-1
C Out-of-bounds Read	<7.60.0-1
H Out-of-Bounds	<7.42.0-1
M Improper Certificate Validation	<7.52.1-3
M Information Exposure	<7.38.0-3
H Out-of-bounds Read	<7.64.0-1
M Out-of-Bounds	<7.55.0-1
C Out-of-Bounds	<7.62.0-1
M Out-of-Bounds	<7.31.0-1
M Information Exposure	<7.55.0-1
L Authentication Bypass	<7.74.0-1.2
M Cross-site Request Forgery (CSRF)	<7.18.2-8.1
H Improper Input Validation	<7.51.0-1
L CVE-2025-0665	<8.12.0+git20250209.89ed161+ds-1
L CVE-2007-3564	<7.16.4-1
C CVE-2018-1000007	<7.58.0-1
C Out-of-bounds Write	<7.60.0-1
H Out-of-bounds Write	<7.51.0-1
M Missing Encryption of Sensitive Data	<8.5.0-1
C Double Free	<7.51.0-1
H Use After Free	<7.50.1-1
M CVE-2023-46218	<8.5.0-1
C Double Free	<7.51.0-1
L Improper Certificate Validation	<8.14.0-1
M Information Exposure	<7.42.1-1
C Out-of-bounds Write	<7.61.0-1
H Resource Injection	<7.51.0-1
M Improper Authentication	<7.36.0-1
H Use After Free	<7.51.0-1
M Double Free	<7.88.1-7
H Out-of-Bounds	<7.42.0-1
M Out-of-bounds Read	<8.9.0-1
M Improper Input Validation	<7.34.0-1
M Information Exposure	<7.29.0-2.1
H CVE-2024-6197	<8.9.0-1
H Double Free	<7.86.0-1
M Cryptographic Issues	<7.38.0-1
H Out-of-Bounds	<7.29.0-1
M CVE-2014-8150	<7.38.0-4
M Cryptographic Issues	<7.38.0-1
L CVE-2023-28322	<7.88.1-10
M Cleartext Transmission of Sensitive Information	<7.83.1-1
M Cryptographic Issues	<7.33.0-1
M Use After Free	<7.86.0-3
C Exposure of Resource to Wrong Sphere	<7.86.0-1
M Allocation of Resources Without Limits or Throttling	<7.84.0-1
M Cleartext Transmission of Sensitive Information	<7.88.1-1
H CVE-2005-0490	<7.13.0-2
H Missing Authentication for Critical Function	<7.83.0-1
M Information Exposure	<7.74.0-1.2
L Race Condition	<7.88.1-10
M CVE-2022-27779	<7.83.1-1
C Buffer Overflow	<7.66.0-1
H Arbitrary Code Injection	<7.72.0-1
H Use After Free	<7.72.0-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<7.83.1-1
H Improper Authorization	<7.50.1-1
C Use After Free	<7.62.0-1
H Out-of-bounds Write	<7.64.0-4
C Out-of-bounds Write	<7.64.0-1
C Out-of-bounds Read	<7.58.0-1
C Out-of-bounds Write	<7.60.0-1
H Out-of-Bounds	<7.56.1-1
C Out-of-bounds Read	<7.51.0-1
H Improper Certificate Validation	<7.74.0-1
M Credentials Management	<7.51.0-1
H Improper Input Validation	<7.51.0-1
C Integer Overflow or Wraparound	<7.57.0-1
C Out-of-Bounds	<7.56.1-1
C Integer Overflow or Wraparound	<7.51.0-1
H NULL Pointer Dereference	<7.60.0-1
H Heap-based Buffer Overflow	<7.52.1-1
M Improper Access Control	<7.42.0-1
L Improper Input Validation	<7.50.1-1
C Out-of-bounds Write	<7.51.0-1
H Cryptographic Issues	<7.50.1-1
H Improper Authentication	<7.47.0-1
H Credentials Management	<7.21.6-2
L Access Restriction Bypass	<7.20.0-1
H Out-of-bounds Read	<7.51.0-1
H Improper Authentication	<7.51.0-1
H SQL Injection	<7.24.0-1
M Cryptographic Issues	<7.19.5-1.1
M Numeric Errors	<7.15.1-1
H Credentials Management	<7.10.7-1
M Improper Input Validation	<7.24.0-1
M Cryptographic Issues	<7.36.0-1

Vulnerability

Vulnerable Version

CVE-2025-10148