| Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-3822 | 7.5 |
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents
|
15-06-2021 - 16:45 | 06-02-2019 - 20:29 | |
| CVE-2019-3823 | 5.0 |
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed n
|
09-03-2021 - 15:15 | 06-02-2019 - 20:29 | |
| CVE-2018-16840 | 7.5 |
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (witho
|
09-10-2019 - 23:36 | 31-10-2018 - 18:29 | |
| CVE-2018-16839 | 7.5 |
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
|
09-10-2019 - 23:36 | 31-10-2018 - 18:29 | |
| CVE-2018-16842 | 6.4 |
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
|
06-08-2019 - 17:15 | 31-10-2018 - 19:29 | |
| CVE-2018-14618 | 10.0 |
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat
|
22-04-2019 - 17:48 | 05-09-2018 - 19:29 |