Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libcurl Subscribe
Filtered by product Libcurl
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2417 2 Curl, Libcurl 2 Libcurl, Libcurl 2018-10-10 7.5 HIGH N/A
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2005-3185 3 Curl, Libcurl, Wget 3 Curl, Libcurl, Wget 2018-10-03 7.5 HIGH N/A
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
CVE-2005-0490 2 Curl, Libcurl 2 Curl, Libcurl 2017-10-10 5.1 MEDIUM N/A
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
CVE-2007-3564 1 Libcurl 1 Libcurl 2017-07-28 7.5 HIGH N/A
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.