## Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execu...
Summary - Component: libcurl core HTTP handling (HTTP/2 request translation and CONNECT detection) - Type: out-of-bounds read resul...
## Summary: There is a double-free bug(s) in tool_ssls_load(), which can happen at line 83-84 or 129-130 (tool_ssls.c): ```c curl_free(shmac);...
## Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, w...
## Summary: When a user runs `curl -OJ `, a malicious server can force the response to be saved as `.curlrc` in the working directory. If the user ...
## Summary Found an off-by-one buffer overflow in `lib/smb.c` when handling SMB file paths. The bounds check uses `>` instead of `>=`, allowing a ...
## Summary There's a bug in `lib/vtls/rustls.c` where `malloc()` uses `sizeof(cipher_suites)` instead of `sizeof(*cipher_suites)`. This allocates ...
ftp_parse_url_path in lib/ftp.c URL-decodes FTP path segments (e.g. %2e%2e) and then splits the decoded path into components using an ad-hoc loop t...
An image hash is publicly exposed on GitHub. Steps to reproduce: See at >> https://github.com/curl/curl/blob/master/Dockerfile Solution: # If you...
Description: The $openssl code in curl 8.17.0.1 allows exploitation. Steps to reproduce: 1) Extract and install curl on Windows. 2) See the code ...