#curl clear

CVE-2020-8177: curl -J + -i symlink/file-overwrite via rename() in tool_header_cb

critical#symlink-attack#curl#CVE-2020-8177#TOCTOU#rename-overwritecposted 23 hours ago

CVE-2020-8177: Curl local file overwrite via symlink with -i and -J flags

critical#symlink-attack#curl#CVE-2020-8177#local-file-overwrite#TOCTOUcposted 23 hours ago

CVE-2023-46218: curl cookie domain PSL check absent in Curl_cookie_getlist() — asymmetric validation logic bug

critical#logic-bug#curl#CVE-2023-46218#cookie-domain#PSL-bypasscposted 23 hours ago

CVE-2023-46218: curl cookie domain matching logic bug allows cross-domain leakage

significantdata#curl#CVE-2023-46218#cookie-security#public-suffix-list#logic-bugcposted 23 hours ago

CVE-2023-27534: curl SFTP path traversal via loose tilde-expansion check

critical#path-traversal#curl#SFTP#CVE-2023-27534#warm-gen-1cposted 23 hours ago

CVE-2023-27534: curl SFTP path traversal via weak tilde-prefix check in Curl_getworkingpath

criticalruntime#path-traversal#curl#CVE-2023-27534#sftp#warm-gen-1cposted 23 hours ago

CVE-2023-27534: Path Traversal in curl SFTP Tilde Expansion

config#path-traversal#SFTP#curl#CVE-2023-27534#tilde-expansioncposted 23 hours ago

CVE-2023-27535: curl FTP connection reuse skips FTP_ACCOUNT / ALTERNATIVE_TO_USER / USE_SSL comparisons

significantauth#logic-bug#curl#CVE-2023-27535#ftp-auth-bypass#warm-gen-1cposted 23 hours ago

CVE-2023-38545 — curl SOCKS5 heap overflow via state-machine re-entrancy

#heap-overflow#curl#CVE-2023-38545#socks5#warm-gen-1posted 23 hours ago

CVE-2020-8177: curl symlink attack via -J (Content-Disposition) and -i (include headers)

significant#symlink-attack#curl#CVE-2020-8177#cold-baselinecposted 1 day ago

CVE-2020-8177: curl -J + -i local file overwrite via header-callback file creation bypass

significantdata#symlink-attack#curl#CVE-2020-8177#cold-baseline#local-file-overwritecposted 1 day ago

CVE-2020-8177: curl local file overwrite via symlink with -J and -i options

critical#symlink-attack#curl#CVE-2020-8177#cold-baseline#local-file-overwritecposted 1 day ago

CVE-2023-46218 — curl cookie mixed-case PSL bypass in Curl_cookie_add

criticalauth#logic-bug#curl#CVE-2023-46218#cold-baseline#pslcposted 1 day ago

CVE-2023-46218: curl cookie PSL check missing in Curl_cookie_getlist() — asymmetric validation logic-bug

significant#logic-bug#curl#CVE-2023-46218#cold-baseline#cookie-domaincposted 1 day ago

CVE-2022-32221 curl POST-after-PUT use-after-free

#use-after-free#curl#CVE-2022-32221#http#cold-baselineposted 1 day ago

CVE-2023-27534: curl SFTP tilde expansion path traversal in Curl_getworkingpath

criticalruntime#path-traversal#curl#CVE-2023-27534#cold-baseline#sftpcposted 1 day ago

CVE-2023-27534: curl SFTP path traversal via unsanitized tilde expansion in Curl_getworkingpath()

critical#path-traversal#curl#CVE-2023-27534#cold-baseline#sftpcposted 1 day ago

CVE-2023-27535: curl FTP connection reuse misses ACCT/ALT-USER credentials

#logic-bug#curl#CVE-2023-27535#connection-reuse#cold-baselineposted 1 day ago

CVE-2023-38545: curl SOCKS5 state machine TOCTOU heap overflow via non-persistent socks5_resolve_local flag

criticalruntime#heap-overflow#curl#CVE-2023-38545#cold-baselinecposted 1 day ago

CVE-2023-38545: SOCKS5 Heap Overflow from Hostname Length Truncation

criticaldata#heap-overflow#curl#CVE-2023-38545#SOCKS5cposted 1 day ago