curl / Docs / Vulnerability table / 7.10.7 vulnerabilities

Vulnerabilities in curl 7.10.7

curl version 7.10.7 was released on August 15 2003

It has the following 51 published security problems.

SFlawFirstLast
MCVE-2026-11856: cross-origin Digest auth state leak7.10.68.20.0
LCVE-2026-8932: incomplete mTLS config matching in conn reuse7.78.20.0
MCVE-2026-5545: wrong reuse of HTTP Negotiate connection7.10.68.19.0
LCVE-2026-3784: wrong proxy connection reuse with credentials7.78.18.0
MCVE-2026-1965: bad reuse of HTTP Negotiate connection7.10.68.18.0
LCVE-2025-0725: gzip integer overflow7.10.58.11.1
LCVE-2023-38546: cookie injection with none file7.9.18.3.0
LCVE-2023-28322: more POST-after-PUT confusion7.78.0.1
LCVE-2023-28320: siglongjmp race condition7.9.88.0.1
LCVE-2023-27533: TELNET option IAC injection7.77.88.1
MCVE-2022-32221: POST following PUT confusion7.77.85.0
LCVE-2022-35252: control code in cookie denial of service4.97.84.0
LCVE-2022-27776: Auth/cookie leak on redirect4.97.82.0
MCVE-2022-27774: Credential leak on redirect4.97.82.0
MCVE-2021-22925: TELNET stack contents disclosure again7.77.77.0
MCVE-2021-22924: Bad connection reuse due to flawed path name checks7.10.47.77.0
MCVE-2021-22898: TELNET stack contents disclosure7.77.76.1
LCVE-2021-22876: Automatic referer leaks credentials7.1.17.75.0
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
LCVE-2018-1000007: HTTP authentication leak in redirects6.07.57.0
MCVE-2017-1000254: FTP PWD response parser out of bounds read7.77.55.1
MCVE-2017-7407: --write-out out of buffer read6.57.53.1
MCVE-2016-9586: printf floating point buffer overflow5.47.51.0
HCVE-2016-8615: cookie injection for other servers4.97.50.3
MCVE-2016-8616: case insensitive password comparison7.77.50.3
MCVE-2016-8617: OOB write via unchecked multiplication7.8.17.50.3
MCVE-2016-8618: double free in curl_maprintf5.47.50.3
HCVE-2016-8619: double free in krb5 code7.37.50.3
HCVE-2016-8623: Use after free via shared cookies7.10.77.50.3
MCVE-2016-8624: invalid URL parsing with '#'6.07.50.3
HCVE-2016-5419: TLS session resumption client cert bypass5.07.50.0
MCVE-2016-5420: Reusing connections with wrong client cert7.77.50.0
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
MCVE-2016-0755: NTLM credentials not-checked for proxy connection reuse7.10.77.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
MCVE-2015-3148: Negotiate not treated as connection-oriented7.10.67.41.0
MCVE-2015-3143: Reusing authenticated connection when unauthenticated7.10.67.41.0
HCVE-2014-8150: URL request injection6.07.39.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1
MCVE-2014-0139: IP address wildcard certificate validation7.10.37.35.0
MCVE-2014-0138: wrong reuse of connections7.10.67.35.0
MCVE-2014-0015: reuse of wrong HTTP NTLM connection7.10.67.34.0
HCVE-2013-2174: URL decode buffer boundary flaw7.77.30.0
HCVE-2013-1944: cookie domain tailmatch4.77.29.0
HCVE-2011-3389: SSL CBC IV vulnerability7.10.67.23.1
MCVE-2011-2192: inappropriate GSSAPI delegation7.10.67.21.6
HCVE-2010-0734: data callback excessive length7.10.57.19.7
HCVE-2009-2417: embedded zero in cert name7.47.19.5
MCVE-2009-0037: Arbitrary File Access5.117.19.3
HCVE-2005-3185: NTLM Buffer Overflow7.10.67.14.1
HCVE-2005-0490: Authentication Buffer Overflows7.37.13.0

Further details

CVE data for 7.10.7 provided as JSON.

Changelog for curl 7.10.7

See vulnerability summary for the previous release: 7.10.6 or the subsequent release: 7.10.8