curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

Related CVEs

CVE-2016-8625

Key Information

GHSA ID

GHSA-33h3-8669-hjwx

Published

May 13, 2022 1:09 AM

Last Modified

May 13, 2022 1:09 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 28, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.