TOPCURL.md
Top reports from curl program at HackerOne:

  1. CVE-2021-22901: TLS session caching disaster to curl - 72 upvotes, $2000
  2. CVE-2020-8177: curl overwrite local file with -J to curl - 52 upvotes, $700
  3. CVE-2023-38545: socks5 heap buffer overflow to curl - 52 upvotes, $0
  4. CVE-2024-7264: ASN.1 date parser overread to curl - 52 upvotes, $0
  5. CVE-2020-8286: Inferior OCSP verification to curl - 50 upvotes, $0
  6. Buffer Overflow Vulnerability in WebSocket Handling to curl - 36 upvotes, $0
  7. CVE-2024-8096: OCSP stapling bypass with GnuTLS to curl - 34 upvotes, $0
  8. CVE-2024-2004: Usage of disabled protocol to curl - 32 upvotes, $0
  9. CVE-2020-8284: trusting FTP PASV responses to curl - 30 upvotes, $0
  10. cookie is sent on redirect to curl - 30 upvotes, $0
  11. CVE-2024-6197: freeing stack buffer in utf8asn1str to curl - 29 upvotes, $0
  12. CVE-2023-32001: fopen race condition to curl - 26 upvotes, $0
  13. CVE-2023-46218: cookie mixed case PSL bypass to curl - 26 upvotes, $0
  14. CVE-2023-46219: HSTS long file name clears contents to curl - 26 upvotes, $0
  15. NULL dereference when encoding DN of x509 certificate to curl - 26 upvotes, $0
  16. CVE-2024-6874: macidn punycode buffer overread to curl - 24 upvotes, $0
  17. CVE-2019-5443: Windows Privilege Escalation: Malicious OpenSSL Engine to curl - 23 upvotes, $200
  18. CVE-2019-5435: An integer overflow found in /lib/urlapi.c to curl - 23 upvotes, $0
  19. CVE-2024-0853: OCSP verification bypass with TLS session reuse to curl - 22 upvotes, $0
  20. CVE-2020-8169: Partial password leak over DNS on HTTP redirect to curl - 21 upvotes, $0
  21. Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c to curl - 21 upvotes, $0
  22. CVE-2023-28319: UAF in SSH sha256 fingerprint check to curl - 20 upvotes, $0
  23. HTTP/2 PUSH_PROMISE DoS to curl - 20 upvotes, $0
  24. CVE-2024-9681: HSTS subdomain overwrites parent cache entry to curl - 20 upvotes, $0
  25. CVE-2022-27776: Auth/cookie leak on redirect to curl - 19 upvotes, $0
  26. Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below curl results in indeterminate SSRF vulnerabilities. to curl - 19 upvotes, $0
  27. CVE-2024-2466: TLS certificate check bypass with mbedTLS to curl - 17 upvotes, $0
  28. Exploitable Format String Vulnerability in curl_mfprintf Function to curl - 17 upvotes, $0
  29. Buffer overflow in strcpy to curl - 17 upvotes, $0
  30. CVE-2023-23916: HTTP multi-header compression denial of service to curl - 16 upvotes, $0
  31. CVE-2019-5436: Heap Buffer Overflow at lib/tftp.c to curl - 14 upvotes, $200
  32. CVE-2021-22945: UAF and double-free in MQTT sending to curl - 14 upvotes, $0
  33. CVE-2022-35252: control code in cookie denial of service to curl - 13 upvotes, $0
  34. CVE-2022-43552: HTTP Proxy deny use-after-free to curl - 12 upvotes, $0
  35. CVE-2023-27537: HSTS double-free to curl - 12 upvotes, $0
  36. CVE-2024-2398: HTTP/2 push headers memory-leak to curl - 12 upvotes, $0
  37. CVE-2020-8231: Connect-only connections can use the wrong connection to curl - 11 upvotes, $0
  38. CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize to curl - 11 upvotes, $0
  39. CVE-2024-2379: QUIC certificate check bypass with wolfSSL to curl - 11 upvotes, $0
  40. When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly to curl - 11 upvotes, $0
  41. CVE-2021-22897: schannel cipher selection surprise to curl - 10 upvotes, $800
  42. CVE-2021-22946: Protocol downgrade required TLS bypassed to curl - 10 upvotes, $0
  43. SMB access smuggling via FILE URL on Windows to curl - 9 upvotes, $400
  44. CVE-2022-27778: curl removes wrong file on error to curl - 8 upvotes, $0
  45. CVE-2022-27780: percent-encoded path separator in URL host to curl - 8 upvotes, $0
  46. Unicode-to-ASCII conversion on Windows can lead to argument injection and more to curl - 8 upvotes, $0
  47. CVE-2021-22890: TLS 1.3 session ticket proxy host mixup to curl - 7 upvotes, $0
  48. CVE-2021-22947: STARTTLS protocol injection via MITM to curl - 7 upvotes, $0
  49. CVE-2022-27774: Credential leak on redirect to curl - 7 upvotes, $0
  50. CVE-2022-32208: FTP-KRB bad message verification to curl - 7 upvotes, $0
  51. CVE-2022-43551: Another HSTS bypass via IDN to curl - 7 upvotes, $0
  52. CVE-2023-23915: HSTS amnesia with --parallel to curl - 7 upvotes, $0
  53. CVE-2021-22898: TELNET stack contents disclosure to curl - 6 upvotes, $1000
  54. Github wikis are editable by anyone #Githubwikistakeover to curl - 6 upvotes, $0
  55. CVE-2019-5481: krb5: double-free in read_data() after realloc() fail to curl - 6 upvotes, $0
  56. --libcurl code injection via trigraphs to curl - 6 upvotes, $0
  57. CVE-2022-42915: HTTP proxy double-free to curl - 6 upvotes, $0
  58. CVE-2023-23914: curl HSTS ignored on multiple requests to curl - 6 upvotes, $0
  59. Cache purge requests are not authenticated to curl - 6 upvotes, $0
  60. Denial of Service in curl Request - HTTP headers eat all memory to curl - 6 upvotes, $0
  61. Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities to curl - 6 upvotes, $0
  62. SSRF via maliciously crafted URL due to host confusion to curl - 5 upvotes, $0
  63. CVE-2021-22876: Automatic referer leaks credentials to curl - 5 upvotes, $0
  64. Remote memory disclosure vulnerability in libcurl on 64 Bit Windows to curl - 5 upvotes, $0
  65. CVE-2022-22576: OAUTH2 bearer bypass in connection re-use to curl - 5 upvotes, $0
  66. CVE-2022-30115: HSTS bypass via trailing dot to curl - 5 upvotes, $0
  67. Credential leak on redirect to curl - 5 upvotes, $0
  68. CVE-2022-35260: .netrc parser out-of-bounds access to curl - 5 upvotes, $0
  69. curl file writing susceptible to symlink attacks to curl - 5 upvotes, $0
  70. CVE-2023-28320: siglongjmp race condition to curl - 5 upvotes, $0
  71. CVE-2021-22924: Bad connection reuse due to flawed path name checks to curl - 4 upvotes, $1200
  72. Signed integer overflow in tool_progress_cb() to curl - 4 upvotes, $0
  73. Active Mixed Content over HTTPS to curl - 4 upvotes, $0
  74. Invalid write (or double free) triggers curl command line tool crash to curl - 4 upvotes, $0
  75. Integer overflows in tool_operate.c at line 1541 to curl - 4 upvotes, $0
  76. CVE-2022-27775: Bad local IPv6 connection reuse to curl - 4 upvotes, $0
  77. CVE-2022-27779: cookie for trailing dot TLD to curl - 4 upvotes, $0
  78. CVE-2022-27782: TLS and SSH connection too eager reuse to curl - 4 upvotes, $0
  79. Memory leak in CURLOPT_XOAUTH2_BEARER to curl - 4 upvotes, $0
  80. CVE-2022-27781: CERTINFO never-ending busy-loop to curl - 4 upvotes, $0
  81. CVE-2022-32206: HTTP compression denial of service to curl - 4 upvotes, $0
  82. CVE-2022-32205: Set-Cookie denial of service to curl - 4 upvotes, $0
  83. CVE-2021-22922: Wrong content via metalink not discarded to curl - 3 upvotes, $700
  84. CVE-2021-22923: Metalink download sends credentials to curl - 3 upvotes, $700
  85. curl overwrites local file with -J option if file non-readable, but file writable. to curl - 3 upvotes, $0
  86. Abusing URL Parsers by long schema name to curl - 3 upvotes, $0
  87. Poll loop/hang on incomplete HTTP header to curl - 3 upvotes, $0
  88. Integer overflow in the source code tool_cb_prg.c to curl - 3 upvotes, $0
  89. CVE-2021-22925: TELNET stack contents disclosure again to curl - 3 upvotes, $0
  90. Denial of Service vulnerability in curl when parsing MQTT server response to curl - 3 upvotes, $0
  91. CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars to curl - 3 upvotes, $0
  92. error parse uri path in curl to curl - 3 upvotes, $0
  93. Credential leak when use two url to curl - 3 upvotes, $0
  94. CVE-2022-32207: Unpreserved file permissions to curl - 3 upvotes, $0
  95. CVE-2022-32221: POST following PUT confusion to curl - 3 upvotes, $0
  96. libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass to curl - 3 upvotes, $0
  97. CVE-2023-27533: Telnet option IAC injection to curl - 3 upvotes, $0
  98. CVE-2023-27534: SFTP path ~ resolving discrepancy to curl - 3 upvotes, $0
  99. CVE-2023-27535: FTP too eager connection reuse to curl - 3 upvotes, $0
  100. CVE-2023-27536: GSS delegation too eager connection re-use to curl - 3 upvotes, $0
  101. CVE-2023-27538: SSH connection too eager reuse still to curl - 3 upvotes, $0
  102. CVE-2023-28322: more POST-after-PUT confusion to curl - 3 upvotes, $0
  103. CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport to curl - 2 upvotes, $1000
  104. CVE-2020-8285: FTP wildcard stack overflow to curl - 2 upvotes, $0
  105. Heap Buffer Overflow (READ of size 1) in ourWriteOut to curl - 2 upvotes, $0
  106. Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080 to curl - 2 upvotes, $0
  107. Integer overflow in "header_append" function to curl - 2 upvotes, $0
  108. curl on Windows can be forced to execute code via OpenSSL environment variables to curl - 2 upvotes, $0
  109. Binary output bypass to curl - 2 upvotes, $0
  110. CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster to curl - 2 upvotes, $0
  111. Cookie injection from non-secure context to curl - 2 upvotes, $0
  112. Heap overflow via HTTP/2 PUSH_PROMISE to curl - 2 upvotes, $0
  113. CVE-2022-42916: HSTS bypass via IDN to curl - 2 upvotes, $0
  114. CVE-2023-28321: IDN wildcard match to curl - 2 upvotes, $0
  115. Insecure Frame (External) to curl - 1 upvotes, $0
  116. Parallel upload hangs curl if upload file not found to curl - 1 upvotes, $0
  117. libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823 to curl - 1 upvotes, $0
  118. Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time to curl - 1 upvotes, $0
  119. Division by zero if terminal width is 2 to curl - 1 upvotes, $0
  120. Unexpected access to process open files via file:///proc/self/fd/n to curl - 1 upvotes, $0
  121. use after free in cookie.c to curl - 1 upvotes, $0
  122. Potential invocation of qsort on uninitialized memory during cookie save to curl - 1 upvotes, $0
  123. Resource leak when using a normal site as DOH server to curl - 1 upvotes, $0
  124. Buffer write overflow when forming dns over http request to curl - 1 upvotes, $0
  125. Integer overflow at line 1603 in the src/operator.c file to curl - 1 upvotes, $0
  126. huge COLUMNS causes progress-bar to buffer overflow to curl - 1 upvotes, $0
  127. Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c to curl - 1 upvotes, $0
  128. Proxy-Authorization header carried to a new host on a redirect to curl - 1 upvotes, $0
  129. Occasional use-after-free in multi_done() libcurl-7.81.0 to curl - 1 upvotes, $0
  130. Use of Unsafe function || Strcpy to curl - 1 upvotes, $0
  131. curl proceeds with unsafe connections when -K file can't be read to curl - 1 upvotes, $0
  132. Certificate authentication re-use on redirect to curl - 1 upvotes, $0
  133. KRB-FTP: Security level downgrade to curl - 1 upvotes, $0
  134. curl "globbing" can lead to denial of service attacks to curl - 1 upvotes, $0
  135. Port and service scanning on localhost due to improper URL validation. to curl - 0 upvotes, $0
  136. Data race conditions reported by helgrind when performing parallel DNS queries in libcurl to curl - 0 upvotes, $0
  137. Only OpenSSL handles a CRL when passed in via CApath to curl - 0 upvotes, $0
  138. curl successfully matches IP address literal in URL against IP address literal in certificate Common Name to curl - 0 upvotes, $0
  139. Curl_auth_create_plain_message integer overflow leads to heap buffer overflow to curl - 0 upvotes, $0
  140. curl still vulnerable to SMB access smuggling via FILE URL on Windows to curl - 0 upvotes, $0
  141. Incorrect IPv6 literal parsing leads to validated connection to unexpected https server. to curl - 0 upvotes, $0
  142. Double-free of `trailers_buf` on `Curl_http_compile_trailers()` failure to curl - 0 upvotes, $0
  143. match to curl - 0 upvotes, $0
  144. Integer overflows in unescape_word() to curl - 0 upvotes, $0