curl - HackerOne Reports
Total Reports: 247
Critical: 13
High: 47
Medium: 82
Low: 64
Potential invocation of qsort on uninitialized memory during cookie save
Reported by: pauldreik
Disclosed:
Severity: Low
Weakness: Memory Corruption - Generic
Buffer Overflow Vulnerability in WebSocket Handling
Reported by: hackers_
Disclosed:
Severity: High
Weakness: Heap Overflow
CVE-2024-0853: OCSP verification bypass with TLS session reuse
Reported by: kurohiro
Disclosed:
Severity: Low
Weakness: Improper Check for Certificate Revocation
Information Disclosure at: https://curl.se/.mailmap
Reported by: haithamzakaria
Disclosed:
Severity: High
Weakness: Information Disclosure
Speculative Execution Side-Channel in `curl`
Reported by: evilginx1
Disclosed:
Severity: Medium
Weakness: Authentication Bypass by Primary Weakness
CVE-2023-27533: Telnet option IAC injection
Reported by: nyymi
Disclosed:
Severity: Low
Weakness: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
netrc crlf injection
Reported by: nyymi
Disclosed:
Weakness: CRLF Injection
curl ASSERTs when accessing an LDAP URL
Reported by: cmeister2
Disclosed:
Weakness: Business Logic Errors
CVE-2020-8285: FTP wildcard stack overflow
Reported by: bagder
Disclosed:
Severity: Medium
Weakness: Uncontrolled Recursion
Improper Restriction of Authentication Attempts in cURL
Reported by: irfanmughal1122
Disclosed:
Severity: Critical
Weakness: Improper Restriction of Authentication Attempts
GitHub wikis are editable by anyone #Githubwikistakeover
Reported by: ronb1996
Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Remote memory disclosure vulnerability in libcurl on 64 Bit Windows
Reported by: nsq11
Disclosed:
Severity: High
Weakness: Information Exposure Through Sent Data
Heap overflow via HTTP/2 PUSH_PROMISE
Reported by: nyymi
Disclosed:
Severity: Low
Weakness: Heap Overflow
Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321)
Reported by: spectre-1
Disclosed:
Severity: Critical
Weakness: Use of Hard-coded Cryptographic Key
Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c
Reported by: ks_karem77
Disclosed:
Severity: Medium
Weakness: LLM05: Supply Chain Vulnerabilities
Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information)
Reported by: spectre-1
Disclosed:
Severity: High
Weakness: Cleartext Transmission of Sensitive Information
Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)
Reported by: spectre-1
Disclosed:
Severity: High
Weakness: Improper Input Validation
CVE-2022-27776: Auth/cookie leak on redirect
Reported by: nyymi
Disclosed:
Severity: Medium
Weakness: Insufficiently Protected Credentials
CVEs: CVE-2022-27774
Double-free of `trailers_buf` on `Curl_http_compile_trailers()` failure
Reported by: thomas_v
Disclosed:
Severity: Medium
Weakness: Double Free
curl_easy_header runs at O(N) or worse and can be abused to use minute(s) of CPU time
Reported by: wolfsage
Disclosed:
Weakness: Uncontrolled Resource Consumption