Vulnerabilities in curl 7.52.0

curl version 7.52.0 was released on December 21 2016. The following 16 security problems are known to exist in this version.

| Flaw | From version | To and including | CVE | CWE |
|---|---|---|---|---|
| RTSP bad headers buffer over-read | 7.20.0 | 7.59.0 | CVE-2018-1000301 | CWE-126: Buffer Over-read |
| RTSP RTP buffer over-read | 7.20.0 | 7.58.0 | CVE-2018-1000122 | CWE-126: Buffer Over-read |
| LDAP NULL pointer dereference | 7.21.0 | 7.58.0 | CVE-2018-1000121 | CWE-476: NULL Pointer Dereference |
| FTP path trickery leads to NIL byte out of bounds write | 7.12.3 | 7.58.0 | CVE-2018-1000120 | CWE-122: Heap-based Buffer Overflow |
| HTTP authentication leak in redirects | 6.0 | 7.57.0 | CVE-2018-1000007 | CWE-522: Insufficiently Protected Credentials |
| HTTP/2 trailer out-of-bounds read | 7.49.0 | 7.57.0 | CVE-2018-1000005 | CWE-126: Buffer Over-read |
| FTP wildcard out of bounds read | 7.21.0 | 7.56.1 | CVE-2017-8817 | CWE-126: Buffer Over-read |
| NTLM buffer overflow via integer overflow | 7.36.0 | 7.56.1 | CVE-2017-8816 | CWE-131: Incorrect Calculation of Buffer Size |
| IMAP FETCH response out of bounds read | 7.20.0 | 7.56.0 | CVE-2017-1000257 | CWE-126: Buffer Over-read |
| FTP PWD response parser out of bounds read | 7.7 | 7.55.1 | CVE-2017-1000254 | CWE-126: Buffer Over-read |
| URL globbing out of bounds read | 7.34.0 | 7.54.1 | CVE-2017-1000101 | CWE-126: Buffer Over-read |
| TFTP sends more than buffer size | 7.15.0 | 7.54.1 | CVE-2017-1000100 | CWE-126: Buffer Over-read |
| TLS session resumption client cert bypass (again) | 7.52.0 | 7.53.1 | CVE-2017-7468 | CWE-305: Authentication Bypass by Primary Weakness |
| --write-out out of buffer read | 6.5 | 7.53.1 | CVE-2017-7407 | CWE-126: Buffer Over-read |
| SSL_VERIFYSTATUS ignored | 7.52.0 | 7.52.1 | CVE-2017-2629 | CWE-304: Missing Critical Step in Authentication |
| uninitialized random | 7.52.0 | 7.52.0 | CVE-2016-9594 | CWE-330: Use of Insufficiently Random Values |

Changelog for curl 7.52.0

See vulnerability summary for the previous release: 7.51.0 or the subsequent release: 7.52.1