Search

Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

CURL_jll

JLSEC-2026-439High 7.5When doing a second SMB request to the same host again, curl would wrongly use a data poi…Mar 11, 2026 JLSEC-2026-438Medium 6.5curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, eve…Mar 11, 2026 JLSEC-2026-437Medium 5.3When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a…Mar 11, 2026 JLSEC-2026-436Medium 6.5No summary availableMar 11, 2026 JLSEC-2026-425Medium 4.6URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the outp…Feb 25, 2026 JLSEC-2026-431Low 3.1When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...Jan 8, 2026 JLSEC-2026-430Medium 5.3When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file…Jan 8, 2026 JLSEC-2026-429Medium 5.3When doing TLS related transfers with reused easy or multi handles and altering the ...Jan 8, 2026 JLSEC-2026-428Medium 5.3When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a…Jan 8, 2026 JLSEC-2026-427Medium 6.3When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS opti…Jan 8, 2026 JLSEC-2026-426Medium 5.9When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the cur…Jan 8, 2026 JLSEC-2026-424Medium 4.3curl's code for managing SSH connections when SFTP was done using the wolfSSH powered bac…Nov 7, 2025 JLSEC-2026-435High 7.51. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected …Sep 12, 2025 JLSEC-2026-423Medium 5.3curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame …Sep 12, 2025 JLSEC-2026-434High 7.5Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly …Jun 7, 2025 JLSEC-2026-433Medium 4.8libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due …May 28, 2025 JLSEC-2026-432Medium 6.5libcurl accidentally skips the certificate verification for QUIC connections when connect…May 28, 2025 JLSEC-2026-422High 7.3When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP res…Feb 5, 2025 JLSEC-2026-421High 7.0libcurl would wrongly close the same eventfd file descriptor twice when taking down a con…Feb 5, 2025 JLSEC-2026-420Low 3.4When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl …Feb 5, 2025 JLSEC-2026-413Low 3.4When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl…Dec 11, 2024 JLSEC-2026-419Medium 5.9When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent …Nov 6, 2024 JLSEC-2026-418Medium 6.5When curl is told to use the Certificate Status Request TLS extension, often referred to …Sep 11, 2024 JLSEC-2025-38libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Gene…Jul 31, 2024 JLSEC-2025-36libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 str…Jul 24, 2024 JLSEC-2026-417Medium 6.5libcurl did not check the server certificate of TLS connections done to a host specified …Mar 27, 2024 JLSEC-2026-416High 8.6When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of…Mar 27, 2024 JLSEC-2026-415Medium 6.3libcurl skips the certificate verification for a QUIC connection under certain conditions…Mar 27, 2024 JLSEC-2026-414Low 3.5When a protocol selection parameter option disables all protocols without adding any then…Mar 27, 2024 JLSEC-2026-412Medium 5.3curl inadvertently kept the SSL session ID for connections in its cache even when the ver…Feb 3, 2024 JLSEC-2026-411Medium 6.5This flaw allows a malicious HTTP server to set "super cookies" in curl that are then pas…Dec 7, 2023 JLSEC-2025-35This flaw allows an attacker to insert cookies at will into a running program using libcu…Oct 18, 2023 JLSEC-2025-34This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.Oct 18, 2023 JLSEC-2026-410No summary availableMay 26, 2023 JLSEC-2026-409No summary availableMay 26, 2023 JLSEC-2026-408No summary availableMay 26, 2023 JLSEC-2026-407No summary availableMay 26, 2023 JLSEC-2025-33An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses …Mar 30, 2023 JLSEC-2025-30An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feat…Mar 30, 2023 JLSEC-2025-31An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reu…Mar 30, 2023 JLSEC-2026-406No summary availableMar 30, 2023 JLSEC-2026-405No summary availableMar 30, 2023 JLSEC-2026-404No summary availableFeb 23, 2023 JLSEC-2026-403No summary availableFeb 23, 2023 JLSEC-2026-402No summary availableFeb 23, 2023 JLSEC-2026-401No summary availableFeb 9, 2023 JLSEC-2026-400No summary availableDec 23, 2022 JLSEC-2026-396No summary availableDec 5, 2022 JLSEC-2026-398No summary availableOct 29, 2022 JLSEC-2026-399No summary availableOct 29, 2022 JLSEC-2026-397No summary availableSep 23, 2022 JLSEC-2026-395No summary availableJul 7, 2022 JLSEC-2026-394No summary availableJul 7, 2022 JLSEC-2026-393No summary availableJul 7, 2022 JLSEC-2026-392No summary availableJul 7, 2022 JLSEC-2026-391No summary availableJun 2, 2022 JLSEC-2026-390No summary availableJun 2, 2022 JLSEC-2026-389No summary availableJun 2, 2022 JLSEC-2026-388No summary availableJun 2, 2022 JLSEC-2026-387No summary availableJun 2, 2022 JLSEC-2026-386No summary availableJun 2, 2022 JLSEC-2026-385No summary availableMay 26, 2022