| 95 |
wrong connect-only connection |
Logic, pointers |
2 |
| 94 |
curl overwrite local file with -J |
Logic |
1 |
| 93 |
Partial password leak over DNS on HTTP redirect |
Logic, quoting |
1 |
| 92 |
FTP-KRB double-free |
Memory |
4 |
| 91 |
TFTP small blocksize heap buffer overflow |
Memory |
4 |
| 90 |
Windows OpenSSL engine code injection |
Logic |
0 |
| 89 |
TFTP receive buffer overflow |
Memory |
4 |
| 88 |
Integer overflows in curl_url_set |
Integer overflow leading to memory |
3 |
| 87 |
NTLM type-2 out-of-bounds buffer read |
Memory |
4 |
| 86 |
NTLMv2 type-3 header stack buffer overflow |
Memory |
4 |
| 85 |
SMTP end-of-response out-of-bounds read |
Memory |
4 |
| 84 |
warning message out-of-buffer read |
Memory |
4 |
| 83 |
use-after-free in handle close |
Memory |
4 |
| 82 |
SASL password overflow via integer overflow |
Integer overflow leading to memory |
3 |
| 81 |
NTLM password overflow via integer overflow |
Integer overflow leading to memory |
3 |
| 80 |
SMTP send heap buffer overflow |
Memory |
4 |
| 79 |
FTP shutdown response buffer overflow |
Memory |
4 |
| 78 |
RTSP bad headers buffer over-read |
Memory |
4 |
| 77 |
RTSP RTP buffer over-read |
Memory |
4 |
| 76 |
LDAP NULL pointer dereference |
Memory |
4 |
| 75 |
FTP path trickery leads to NIL byte out of bounds write |
Memory |
4 |
| 74 |
HTTP authentication leak in redirects |
Logic |
0 |
| 73 |
HTTP/2 trailer out-of-bounds read |
Memory |
4 |
| 72 |
SSL out of buffer access |
Memory |
4 |
| 71 |
FTP wildcard out of bounds read |
Memory |
4 |
| 70 |
NTLM buffer overflow via integer overflow |
Integer overflow leading to memory |
3 |
| 69 |
IMAP FETCH response out of bounds read |
Memory |
4 |
| 68 |
FTP PWD response parser out of bounds read |
Memory |
4 |
| 67 |
URL globbing out of bounds read |
Memory |
4 |
| 66 |
TFTP sends more than buffer size |
Memory |
4 |
| 65 |
FILE buffer read out of bounds |
Memory |
4 |
| 64 |
URL file scheme drive letter buffer overflow |
Memory |
4 |
| 63 |
TLS session resumption client cert bypass (again) |
Logic, reuse |
0 |
| 62 |
–write-out out of buffer read |
Memory |
4 |
| 61 |
SSL_VERIFYSTATUS ignored |
Logic |
0 |
| 60 |
uninitialized random |
Type error |
4 |
| 59 |
printf floating point buffer overflow |
Memory |
4 |
| 58 |
Win CE schannel cert wildcard matches too much |
Logic |
0 |
| 57 |
Win CE schannel cert name out of buffer read |
Memory |
4 |
| 56 |
cookie injection for other servers |
Logic, difficult to use API |
3 |
| 55 |
case insensitive password comparison |
Logic, terrible function name |
0 |
| 54 |
OOB write via unchecked multiplication |
Memory |
4 |
| 53 |
double-free in curl_maprintf |
Memory |
4 |
| 52 |
double-free in krb5 code |
Memory |
4 |
| 51 |
glob parser write/read out of bounds |
Memory |
4 |
| 50 |
curl_getdate read out of bounds |
Memory |
4 |
| 49 |
URL unescape heap overflow via integer truncation |
Memory |
4 |
| 48 |
Use-after-free via shared cookies |
Memory |
4 |
| 47 |
invalid URL parsing with ‘#’ |
Logic, used regex, now 2 problems |
0 |
| 46 |
IDNA 2003 makes curl use wrong host |
Logic, unicode insanity |
1 |
| 45 |
curl escape and unescape integer overflows |
Integer overflow leading to memory |
3 |
| 44 |
Incorrect reuse of client certificates |
Logic, reuse |
0 |
| 43 |
TLS session resumption client cert bypass |
Logic, reuse |
0 |
| 42 |
Re-using connections with wrong client cert |
Logic, reuse |
0 |
| 41 |
use of connection struct after free |
Memory |
4 |
| 40 |
Windows DLL hijacking |
Windows API nonsense |
0 |
| 39 |
TLS certificate check bypass with mbedTLS/PolarSSL |
Logic |
0 |
| 38 |
remote file name path traversal in curl tool for Windows |
Logic, quoting |
0 |
| 37 |
NTLM credentials not-checked for proxy connection re-use |
Logic, reuse |
0 |
| 36 |
SMB send off unrelated memory contents |
Memory, but I think this is still reading from valid allocated memory, heartbleed style |
0 |
| 35 |
lingering HTTP credentials in connection re-use |
Logic, reuse |
0 |
| 34 |
sensitive HTTP server headers also sent to proxies |
Logic |
0 |
| 33 |
host name out of boundary memory access |
Memory |
4 |
| 32 |
cookie parser out of boundary memory access |
Memory |
4 |
| 31 |
Negotiate not treated as connection-oriented |
Logic |
0 |
| 30 |
Re-using authenticated connection when unauthenticated |
Logic, reuse |
0 |
| 29 |
darwinssl certificate check bypass |
Logic, reuse |
0 |
| 28 |
URL request injection |
Logic |
0 |
| 27 |
duphandle read out of bounds |
Memory |
4 |
| 26 |
cookie leak for TLDs |
Logic, parsing |
0 |
| 25 |
cookie leak with IP address as domain |
Logic |
0 |
| 24 |
not verifying certs for TLS to IP address / Winssl |
Logic |
0 |
| 23 |
not verifying certs for TLS to IP address / Darwinssl |
Logic |
0 |
| 22 |
IP address wildcard certificate validation |
Logic |
0 |
| 21 |
wrong re-use of connections |
Logic |
0 |
| 20 |
re-use of wrong HTTP NTLM connection |
Logic, reuse |
2 |
| 19 |
cert name check ignore GnuTLS |
Logic |
0 |
| 18 |
cert name check ignore OpenSSL |
Logic |
0 |
| 17 |
URL decode buffer boundary flaw |
Memory |
4 |
| 16 |
cookie domain tailmatch |
Logic |
0 |
| 15 |
SASL buffer overflow |
Memory |
4 |
| 14 |
SSL CBC IV vulnerability |
Logic |
0 |
| 13 |
URL sanitization vulnerability |
Logic, parsing |
0 |
| 12 |
inappropriate GSSAPI delegation |
Logic |
0 |
| 11 |
local file overwrite |
Logic, parsing |
0 |
| 10 |
data callback excessive length |
Memory |
4 |
| 9 |
embedded zero in cert name |
Logic, null-terminated strings |
4 |
| 8 |
Arbitrary File Access |
Logic |
0 |
| 7 |
GnuTLS insufficient cert verification |
Logic |
0 |
| 6 |
TFTP Packet Buffer Overflow |
Memory |
4 |
| 5 |
URL Buffer Overflow |
Memory |
4 |
| 4 |
NTLM Buffer Overflow |
Memory |
4 |
| 3 |
Authentication Buffer Overflows |
Memory |
4 |
| 2 |
Proxy Authentication Header Information Leakage |
Logic |
0 |
| 1 |
FTP Server Response Buffer Overflow |
Memory |
4 |