Curl Program Statistics

15 total issues disclosed

$11,650 total paid publicly

Most disclosed (3 disclosures) — Information Disclosure

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| CVE-2021-22947: STARTTLS protocol injection via MITM | Cryptographic Issues - Generic | monnerat | Medium | 2021-09-24 |
| CVE-2021-22946: Protocol downgrade required TLS bypassed | Missing Required Cryptographic Step | monnerat | Medium | 2021-09-24 |
| CVE-2021-22945: UAF and double-free in MQTT sending | Double Free | z2_ | Medium | 2021-09-15 |
| CVE-2021-22924: Bad connection reuse due to flawed path name checks | Improper Input Validation | nyymi | High | 2021-07-21 |
| CVE-2021-22925: TELNET stack contents disclosure again | Information Disclosure | thoger | Low | 2021-07-21 |
| CVE-2021-22923: Metalink download sends credentials | Cleartext Transmission of Sensitive Information | nyymi | Medium | 2021-07-21 |
| CVE-2021-22922: Wrong content via metalink not discarded | Business Logic Errors | nyymi | Medium | 2021-07-21 |
| CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport | Business Logic Errors | nyymi | Medium | 2021-07-21 |
| CVE-2021-22901: TLS session caching disaster | Use After Free | nyymi | High | 2021-05-26 |
| CVE-2021-22897: schannel cipher selection surprise | Business Logic Errors | nyymi | Low | 2021-05-26 |
| Heap buffer overflow in TFTP when using small blksize | Heap Overflow | thomas_v | Medium | 2020-11-14 |
| krb5: double-free in read_data() after realloc() fail | Double Free | thomas_v | Medium | 2020-11-14 |
| Connect-only connections can use the wrong connection | Information Disclosure | m42a | Low | 2020-11-05 |
| Data race conditions reported by helgrind when performing parallel DNS queries in libcurl | Information Disclosure | brumbrum | Medium | 2020-11-04 |
| Parallel upload hangs curl if upload file not found | Denial of Service | brumbrum | None | 2020-10-29 |