curl / Docs / Vulnerability table / 6.5 vulnerabilities

Vulnerabilities in curl 6.5

curl version 6.5 was released on March 13 2000. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
--write-out out of buffer read6.57.53.1CVE-2017-7407CWE-126: Buffer Over-read
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
Arbitrary File Access6.07.19.3CVE-2009-0037
FTP Server Response Buffer Overflow6.07.4CVE-2000-0973

Changelog for curl 6.5

See vulnerability summary for the previous release: 6.4 or the subsequent release: 6.5.1