Daniel Stenberg

9 exploits Active since Jul 2013
CVE-2021-22924 NOMISEC LOW STUB
libcurl - Info Disclosure
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
CVSS 3.7
CVE-2013-2174 WRITEUP WRITEUP
Haxx Curl - Memory Corruption
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
CVE-2018-0500 WRITEUP CRITICAL WRITEUP
Haxx Curl < 7.60.0 - Out-of-Bounds Write
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
CVSS 9.8
CVE-2018-16839 WRITEUP MEDIUM WRITEUP
Curl <7.61.1 - Buffer Overflow
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVSS 4.3
CVE-2018-16840 WRITEUP CRITICAL WRITEUP
curl <7.61.1 - Use After Free
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
CVSS 9.8
CVE-2018-16842 WRITEUP MEDIUM WRITEUP
Curl <7.62 - Memory Corruption
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVSS 4.4
CVE-2021-22897 WRITEUP MEDIUM WRITEUP
curl <7.76.1 - Info Disclosure
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
CVSS 5.3
CVE-2022-40281 WRITEUP HIGH WRITEUP
Samsung Tizenrt - Memory Leak
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
CVSS 7.5
CVE-2025-0725 WRITEUP HIGH WRITEUP
libcurl <1.2.0.3 - Buffer Overflow
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
CVSS 7.3