
TOPCURL.md


Top reports from curl program at HackerOne:

  1. CVE-2021-22901: TLS session caching disaster to curl - 71 upvotes, $2000
  2. CVE-2020-8177: curl overwrite local file with -J to curl - 52 upvotes, $700
  3. CVE-2023-38545: socks5 heap buffer overflow to curl - 52 upvotes, $0
  4. CVE-2020-8286: Inferior OCSP verification to curl - 49 upvotes, $0
  5. Buffer Overflow Vulnerability in WebSocket Handling to curl - 33 upvotes, $0
  6. CVE-2024-2004: Usage of disabled protocol to curl - 31 upvotes, $0
  7. CVE-2020-8284: trusting FTP PASV responses to curl - 30 upvotes, $0
  8. cookie is sent on redirect to curl - 28 upvotes, $0
  9. CVE-2023-32001: fopen race condition to curl - 26 upvotes, $0
  10. CVE-2023-46219: HSTS long file name clears contents to curl - 26 upvotes, $0
  11. CVE-2023-46218: cookie mixed case PSL bypass to curl - 25 upvotes, $0
  12. CVE-2019-5443: Windows Privilege Escalation: Malicious OpenSSL Engine to curl - 23 upvotes, $200
  13. CVE-2019-5435: An integer overflow found in /lib/urlapi.c to curl - 23 upvotes, $0
  14. CVE-2024-0853: OCSP verification bypass with TLS session reuse to curl - 22 upvotes, $0
  15. CVE-2020-8169: Partial password leak over DNS on HTTP redirect to curl - 21 upvotes, $0
  16. CVE-2023-28319: UAF in SSH sha256 fingerprint check to curl - 20 upvotes, $0
  17. Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c to curl - 19 upvotes, $0
  18. HTTP/2 PUSH_PROMISE DoS to curl - 19 upvotes, $0
  19. CVE-2022-27776: Auth/cookie leak on redirect to curl - 18 upvotes, $0
  20. Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below curl results in indeterminate SSRF vulnerabilities. to curl - 17 upvotes, $0
  21. CVE-2023-23916: HTTP multi-header compression denial of service to curl - 16 upvotes, $0
  22. CVE-2024-2466: TLS certificate check bypass with mbedTLS to curl - 16 upvotes, $0
  23. CVE-2021-22945: UAF and double-free in MQTT sending to curl - 14 upvotes, $0
  24. CVE-2019-5436: Heap Buffer Overflow at lib/tftp.c to curl - 13 upvotes, $200
  25. CVE-2022-35252: control code in cookie denial of service to curl - 13 upvotes, $0
  26. CVE-2022-43552: HTTP Proxy deny use-after-free to curl - 12 upvotes, $0
  27. CVE-2023-27537: HSTS double-free to curl - 12 upvotes, $0
  28. CVE-2020-8231: Connect-only connections can use the wrong connection to curl - 11 upvotes, $0
  29. CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize to curl - 11 upvotes, $0
  30. CVE-2024-2398: HTTP/2 push headers memory-leak to curl - 11 upvotes, $0
  31. CVE-2021-22897: schannel cipher selection surprise to curl - 10 upvotes, $800
  32. CVE-2024-2379: QUIC certificate check bypass with wolfSSL to curl - 10 upvotes, $0
  33. SMB access smuggling via FILE URL on Windows to curl - 9 upvotes, $400
  34. CVE-2021-22946: Protocol downgrade required TLS bypassed to curl - 9 upvotes, $0
  35. CVE-2022-27778: curl removes wrong file on error to curl - 8 upvotes, $0
  36. CVE-2021-22890: TLS 1.3 session ticket proxy host mixup to curl - 7 upvotes, $0
  37. CVE-2021-22947: STARTTLS protocol injection via MITM to curl - 7 upvotes, $0
  38. CVE-2022-27780: percent-encoded path separator in URL host to curl - 7 upvotes, $0
  39. CVE-2022-32208: FTP-KRB bad message verification to curl - 7 upvotes, $0
  40. CVE-2022-43551: Another HSTS bypass via IDN to curl - 7 upvotes, $0
  41. CVE-2023-23915: HSTS amnesia with --parallel to curl - 7 upvotes, $0
  42. CVE-2019-5481: krb5: double-free in read_data() after realloc() fail to curl - 6 upvotes, $0
  43. --libcurl code injection via trigraphs to curl - 6 upvotes, $0
  44. CVE-2022-27774: Credential leak on redirect to curl - 6 upvotes, $0
  45. CVE-2022-42915: HTTP proxy double-free to curl - 6 upvotes, $0
  46. CVE-2023-23914: curl HSTS ignored on multiple requests to curl - 6 upvotes, $0
  47. Cache purge requests are not authenticated to curl - 6 upvotes, $0
  48. CVE-2021-22898: TELNET stack contents disclosure to curl - 5 upvotes, $1000
  49. Github wikis are editable by anyone #Githubwikistakeover to curl - 5 upvotes, $0
  50. CVE-2021-22876: Automatic referer leaks credentials to curl - 5 upvotes, $0
  51. Remote memory disclosure vulnerability in libcurl on 64 Bit Windows to curl - 5 upvotes, $0
  52. CVE-2022-22576: OAUTH2 bearer bypass in connection re-use to curl - 5 upvotes, $0
  53. CVE-2022-30115: HSTS bypass via trailing dot to curl - 5 upvotes, $0
  54. curl file writing susceptible to symlink attacks to curl - 5 upvotes, $0
  55. CVE-2021-22924: Bad connection reuse due to flawed path name checks to curl - 4 upvotes, $1200
  56. Signed integer overflow in tool_progress_cb() to curl - 4 upvotes, $0
  57. Invalid write (or double free) triggers curl command line tool crash to curl - 4 upvotes, $0
  58. Integer overflows in tool_operate.c at line 1541 to curl - 4 upvotes, $0
  59. SSRF via maliciously crafted URL due to host confusion to curl - 4 upvotes, $0
  60. CVE-2022-27775: Bad local IPv6 connection reuse to curl - 4 upvotes, $0
  61. CVE-2022-27779: cookie for trailing dot TLD to curl - 4 upvotes, $0
  62. CVE-2022-27782: TLS and SSH connection too eager reuse to curl - 4 upvotes, $0
  63. Memory leak in CURLOPT_XOAUTH2_BEARER to curl - 4 upvotes, $0
  64. Credential leak on redirect to curl - 4 upvotes, $0
  65. CVE-2022-27781: CERTINFO never-ending busy-loop to curl - 4 upvotes, $0
  66. CVE-2022-32206: HTTP compression denial of service to curl - 4 upvotes, $0
  67. CVE-2022-32205: Set-Cookie denial of service to curl - 4 upvotes, $0
  68. CVE-2022-35260: .netrc parser out-of-bounds access to curl - 4 upvotes, $0
  69. CVE-2023-28320: siglongjmp race condition to curl - 4 upvotes, $0
  70. CVE-2021-22922: Wrong content via metalink not discarded to curl - 3 upvotes, $700
  71. CVE-2021-22923: Metalink download sends credentials to curl - 3 upvotes, $700
  72. Active Mixed Content over HTTPS to curl - 3 upvotes, $0
  73. curl overwrites local file with -J option if file non-readable, but file writable. to curl - 3 upvotes, $0
  74. Poll loop/hang on incomplete HTTP header to curl - 3 upvotes, $0
  75. Integer overflow in the source code tool_cb_prg.c to curl - 3 upvotes, $0
  76. CVE-2021-22925: TELNET stack contents disclosure again to curl - 3 upvotes, $0
  77. Denial of Service vulnerability in curl when parsing MQTT server response to curl - 3 upvotes, $0
  78. CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars to curl - 3 upvotes, $0
  79. error parse uri path in curl to curl - 3 upvotes, $0
  80. CVE-2022-32207: Unpreserved file permissions to curl - 3 upvotes, $0
  81. CVE-2022-32221: POST following PUT confusion to curl - 3 upvotes, $0
  82. libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass to curl - 3 upvotes, $0
  83. CVE-2023-27533: Telnet option IAC injection to curl - 3 upvotes, $0
  84. CVE-2023-27534: SFTP path ~ resolving discrepancy to curl - 3 upvotes, $0
  85. CVE-2023-27535: FTP too eager connection reuse to curl - 3 upvotes, $0
  86. CVE-2023-27536: GSS delegation too eager connection re-use to curl - 3 upvotes, $0
  87. CVE-2023-27538: SSH connection too eager reuse still to curl - 3 upvotes, $0
  88. CVE-2023-28322: more POST-after-PUT confusion to curl - 3 upvotes, $0
  89. CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport to curl - 2 upvotes, $1000
  90. Abusing URL Parsers by long schema name to curl - 2 upvotes, $0
  91. Heap Buffer Overflow (READ of size 1) in ourWriteOut to curl - 2 upvotes, $0
  92. Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080 to curl - 2 upvotes, $0
  93. Integer overflow in "header_append" function to curl - 2 upvotes, $0
  94. curl on Windows can be forced to execute code via OpenSSL environment variables to curl - 2 upvotes, $0
  95. Binary output bypass to curl - 2 upvotes, $0
  96. CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster to curl - 2 upvotes, $0
  97. Cookie injection from non-secure context to curl - 2 upvotes, $0
  98. Heap overflow via HTTP/2 PUSH_PROMISE to curl - 2 upvotes, $0
  99. Credential leak when use two url to curl - 2 upvotes, $0
  100. CVE-2022-42916: HSTS bypass via IDN to curl - 2 upvotes, $0
  101. CVE-2023-28321: IDN wildcard match to curl - 2 upvotes, $0
  102. Insecure Frame (External) to curl - 1 upvotes, $0
  103. Parallel upload hangs curl if upload file not found to curl - 1 upvotes, $0
  104. CVE-2020-8285: FTP wildcard stack overflow to curl - 1 upvotes, $0
  105. libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823 to curl - 1 upvotes, $0
  106. Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time to curl - 1 upvotes, $0
  107. Division by zero if terminal width is 2 to curl - 1 upvotes, $0
  108. Unexpected access to process open files via file:///proc/self/fd/n to curl - 1 upvotes, $0
  109. use after free in cookie.c to curl - 1 upvotes, $0
  110. Potential invocation of qsort on uninitialized memory during cookie save to curl - 1 upvotes, $0
  111. Resource leak when using a normal site as DOH server to curl - 1 upvotes, $0
  112. Buffer write overflow when forming dns over http request to curl - 1 upvotes, $0
  113. Integer overflow at line 1603 in the src/operator.c file to curl - 1 upvotes, $0
  114. huge COLUMNS causes progress-bar to buffer overflow to curl - 1 upvotes, $0
  115. Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c to curl - 1 upvotes, $0
  116. Proxy-Authorization header carried to a new host on a redirect to curl - 1 upvotes, $0
  117. Occasional use-after-free in multi_done() libcurl-7.81.0 to curl - 1 upvotes, $0
  118. Use of Unsafe function || Strcpy to curl - 1 upvotes, $0
  119. curl proceeds with unsafe connections when -K file can't be read to curl - 1 upvotes, $0
  120. Certificate authentication re-use on redirect to curl - 1 upvotes, $0
  121. KRB-FTP: Security level downgrade to curl - 1 upvotes, $0
  122. curl "globbing" can lead to denial of service attacks to curl - 1 upvotes, $0
  123. Port and service scanning on localhost due to improper URL validation. to curl - 0 upvotes, $0
  124. Data race conditions reported by helgrind when performing parallel DNS queries in libcurl to curl - 0 upvotes, $0
  125. Only OpenSSL handles a CRL when passed in via CApath to curl - 0 upvotes, $0
  126. curl successfully matches IP address literal in URL against IP address literal in certificate Common Name to curl - 0 upvotes, $0
  127. Curl_auth_create_plain_message integer overflow leads to heap buffer overflow to curl - 0 upvotes, $0
  128. curl still vulnerable to SMB access smuggling via FILE URL on Windows to curl - 0 upvotes, $0
  129. Incorrect IPv6 literal parsing leads to validated connection to unexpected https server. to curl - 0 upvotes, $0
  130. Double-free of `trailers_buf` on `Curl_http_compile_trailers()` failure to curl - 0 upvotes, $0
  131. match to curl - 0 upvotes, $0
  132. Integer overflows in unescape_word() to curl - 0 upvotes, $0