Libcurl
This hub aggregates every CVE we track for Libcurl, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
64
CVEs tracked
10
Critical
19
High
0
In CISA KEV
Severity distribution
MEDIUM31HIGH19CRITICAL10LOW4
Monthly trend
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Libcurl.
- CVE-2025-0725gzip integer overflow7.3
- CVE-2024-32928The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud service...5.9
- CVE-2024-7264ASN.1 date parser overread6.5
- CVE-2024-6874macidn punycode buffer overread4.3
- CVE-2024-6197freeing stack buffer in utf8asn1str7.5
- CVE-2023-38545This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of ...9.8
- CVE-2023-38546This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application cr...3.7
- CVE-2023-27538An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have ...5.5
- CVE-2023-27537A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate thread...5.9
- CVE-2023-27535An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created c...5.9
- CVE-2023-27536An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to c...5.9
- CVE-2021-22945When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call...9.1
- CVE-2021-22924libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not ta...3.7
- CVE-2021-22890curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS ...3.7
- CVE-2021-22876curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip...5.3
Product normalization is registry-driven with AI assist and human review. How it works