Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Curl
(Haxx)Repositories |
• https://github.com/curl/curl
• https://github.com/bagder/curl |
#Vulnerabilities | 108 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-02-03 | CVE-2024-0853 | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | Curl | 5.3 | ||
2016-05-20 | CVE-2016-3739 | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. | Curl | 5.3 |