curl / Docs / Vulnerability table / 7.53.1 vulnerabilities

Vulnerabilities in curl 7.53.1

curl version 7.53.1 was released on February 24 2017. The following 18 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
warning message out-of-buffer read7.14.17.61.1CVE-2018-16842CWE-125: Out-of-bounds Read
SASL password overflow via integer overflow7.33.07.61.1CVE-2018-16839CWE-131: Incorrect Calculation of Buffer Size
NTLM password overflow via integer overflow7.15.47.61.0CVE-2018-14618CWE-131: Incorrect Calculation of Buffer Size
RTSP bad headers buffer over-read7.20.07.59.0CVE-2018-1000301CWE-126: Buffer Over-read
RTSP RTP buffer over-read7.20.07.58.0CVE-2018-1000122CWE-126: Buffer Over-read
LDAP NULL pointer dereference7.21.07.58.0CVE-2018-1000121CWE-476: NULL Pointer Dereference
FTP path trickery leads to NIL byte out of bounds write7.12.37.58.0CVE-2018-1000120CWE-122: Heap-based Buffer Overflow
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
HTTP/2 trailer out-of-bounds read7.49.07.57.0CVE-2018-1000005CWE-126: Buffer Over-read
FTP wildcard out of bounds read7.21.07.56.1CVE-2017-8817CWE-126: Buffer Over-read
NTLM buffer overflow via integer overflow7.36.07.56.1CVE-2017-8816CWE-131: Incorrect Calculation of Buffer Size
IMAP FETCH response out of bounds read7.20.07.56.0CVE-2017-1000257CWE-126: Buffer Over-read
FTP PWD response parser out of bounds read7.77.55.1CVE-2017-1000254CWE-126: Buffer Over-read
URL globbing out of bounds read7.34.07.54.1CVE-2017-1000101CWE-126: Buffer Over-read
TFTP sends more than buffer size7.15.07.54.1CVE-2017-1000100CWE-126: Buffer Over-read
URL file scheme drive letter buffer overflow7.53.07.54.0CVE-2017-9502CWE-122: Heap-based Buffer Overflow
TLS session resumption client cert bypass (again)7.52.07.53.1CVE-2017-7468CWE-305: Authentication Bypass by Primary Weakness
--write-out out of buffer read6.57.53.1CVE-2017-7407CWE-126: Buffer Over-read

Changelog for curl 7.53.1

See vulnerability summary for the previous release: 7.53.0 or the subsequent release: 7.54.0