curl / Docs / Vulnerability table / 6.4 vulnerabilities

Vulnerabilities in curl 6.4

curl version 6.4 was released on January 17 2000. The following 5 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
Arbitrary File Access6.07.19.3CVE-2009-0037CWE-142: Improper Neutralization of Value Delimiters
FTP Server Response Buffer Overflow6.07.4CVE-2000-0973CWE-121: Stack-based Buffer Overflow

Changelog for curl 6.4

See vulnerability summary for the previous release: 6.3.1 or the subsequent release: 6.5