TOPCURL.md

Top reports from curl program at HackerOne:

  1. CVE-2021-22901: TLS session caching disaster to curl - 70 upvotes, $2000
  2. curl overwrite local file with -J to curl - 52 upvotes, $700
  3. CVE-2020-8286: Inferior OCSP verification to curl - 49 upvotes, $900
  4. CVE-2020-8284: trusting FTP PASV responses to curl - 30 upvotes, $700
  5. Windows Privilege Escalation: Malicious OpenSSL Engine to curl - 23 upvotes, $200
  6. An integer overflow found in /lib/urlapi.c to curl - 23 upvotes, $150
  7. Partial password leak over DNS on HTTP redirect to curl - 21 upvotes, $400
  8. CVE-2023-28319: UAF in SSH sha256 fingerprint check to curl - 20 upvotes, $0
  9. CVE-2022-27776: Auth/cookie leak on redirect to curl - 18 upvotes, $0
  10. CVE-2023-23916: HTTP multi-header compression denial of service to curl - 16 upvotes, $0
  11. CVE-2021-22945: UAF and double-free in MQTT sending to curl - 14 upvotes, $1000
  12. Heap Buffer Overflow at lib/tftp.c to curl - 13 upvotes, $200
  13. CVE-2022-35252: control code in cookie denial of service to curl - 13 upvotes, $0
  14. CVE-2023-27537: HSTS double-free to curl - 13 upvotes, $0
  15. Connect-only connections can use the wrong connection to curl - 11 upvotes, $500
  16. Heap buffer overflow in TFTP when using small blksize to curl - 11 upvotes, $250
  17. CVE-2022-43552: HTTP Proxy deny use-after-free to curl - 11 upvotes, $0
  18. CVE-2021-22897: schannel cipher selection surprise to curl - 10 upvotes, $800
  19. SMB access smuggling via FILE URL on Windows to curl - 9 upvotes, $400
  20. CVE-2021-22946: Protocol downgrade required TLS bypassed to curl - 8 upvotes, $1000
  21. CVE-2022-27778: curl removes wrong file on error to curl - 8 upvotes, $0
  22. CVE-2021-22947: STARTTLS protocol injection via MITM to curl - 7 upvotes, $1500
  23. CVE-2021-22890: TLS 1.3 session ticket proxy host mixup to curl - 7 upvotes, $0
  24. CVE-2022-32208: FTP-KRB bad message verification to curl - 7 upvotes, $0
  25. CVE-2022-43551: Another HSTS bypass via IDN to curl - 7 upvotes, $0
  26. CVE-2023-23915: HSTS amnesia with --parallel to curl - 7 upvotes, $0
  27. krb5: double-free in read_data() after realloc() fail to curl - 6 upvotes, $200
  28. --libcurl code injection via trigraphs to curl - 6 upvotes, $0
  29. CVE-2022-27774: Credential leak on redirect to curl - 6 upvotes, $0
  30. CVE-2022-27780: percent-encoded path separator in URL host to curl - 6 upvotes, $0
  31. CVE-2023-23914: curl HSTS ignored on multiple requests to curl - 6 upvotes, $0
  32. CVE-2021-22898: TELNET stack contents disclosure to curl - 5 upvotes, $1000
  33. CVE-2021-22876: Automatic referer leaks credentials to curl - 5 upvotes, $800
  34. Github wikis are editable by anyone #Githubwikistakeover to curl - 5 upvotes, $0
  35. Remote memory disclosure vulnerability in libcurl on 64 Bit Windows to curl - 5 upvotes, $0
  36. CVE-2022-22576: OAUTH2 bearer bypass in connection re-use to curl - 5 upvotes, $0
  37. CVE-2022-30115: HSTS bypass via trailing dot to curl - 5 upvotes, $0
  38. CVE-2022-42915: HTTP proxy double-free to curl - 5 upvotes, $0
  39. curl file writing susceptible to symlink attacks to curl - 5 upvotes, $0
  40. CVE-2021-22924: Bad connection reuse due to flawed path name checks to curl - 4 upvotes, $1200
  41. Signed integer overflow in tool_progress_cb() to curl - 4 upvotes, $0
  42. Invalid write (or double free) triggers curl command line tool crash to curl - 4 upvotes, $0
  43. Integer overflows in tool_operate.c at line 1541 to curl - 4 upvotes, $0
  44. SSRF via maliciously crafted URL due to host confusion to curl - 4 upvotes, $0
  45. CVE-2022-27775: Bad local IPv6 connection reuse to curl - 4 upvotes, $0
  46. CVE-2022-27779: cookie for trailing dot TLD to curl - 4 upvotes, $0
  47. CVE-2022-27782: TLS and SSH connection too eager reuse to curl - 4 upvotes, $0
  48. Memory leak in CURLOPT_XOAUTH2_BEARER to curl - 4 upvotes, $0
  49. Credential leak on redirect to curl - 4 upvotes, $0
  50. CVE-2022-27781: CERTINFO never-ending busy-loop to curl - 4 upvotes, $0
  51. CVE-2022-32206: HTTP compression denial of service to curl - 4 upvotes, $0
  52. CVE-2022-32205: Set-Cookie denial of service to curl - 4 upvotes, $0
  53. CVE-2022-35260: .netrc parser out-of-bounds access to curl - 4 upvotes, $0
  54. CVE-2021-22925: TELNET stack contents disclosure again to curl - 3 upvotes, $800
  55. CVE-2021-22922: Wrong content via metalink not discarded to curl - 3 upvotes, $700
  56. CVE-2021-22923: Metalink download sends credentials to curl - 3 upvotes, $700
  57. Active Mixed Content over HTTPS to curl - 3 upvotes, $0
  58. curl overwrites local file with -J option if file non-readable, but file writable. to curl - 3 upvotes, $0
  59. Poll loop/hang on incomplete HTTP header to curl - 3 upvotes, $0
  60. Integer overflow in the source code tool_cb_prg.c to curl - 3 upvotes, $0
  61. Denial of Service vulnerability in curl when parsing MQTT server response to curl - 3 upvotes, $0
  62. CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars to curl - 3 upvotes, $0
  63. CVE-2022-32207: Unpreserved file permissions to curl - 3 upvotes, $0
  64. CVE-2022-32221: POST following PUT confusion to curl - 3 upvotes, $0
  65. libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass to curl - 3 upvotes, $0
  66. CVE-2023-27533: Telnet option IAC injection to curl - 3 upvotes, $0
  67. CVE-2023-27534: SFTP path ~ resolving discrepancy to curl - 3 upvotes, $0
  68. CVE-2023-27535: FTP too eager connection reuse to curl - 3 upvotes, $0
  69. CVE-2023-27536: GSS delegation too eager connection re-use to curl - 3 upvotes, $0
  70. CVE-2023-27538: SSH connection too eager reuse still to curl - 3 upvotes, $0
  71. CVE-2023-28320: siglongjmp race condition to curl - 3 upvotes, $0
  72. CVE-2023-28322: more POST-after-PUT confusion to curl - 3 upvotes, $0
  73. Cache purge requests are not authenticated to curl - 3 upvotes, $0
  74. CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport to curl - 2 upvotes, $1000
  75. Abusing URL Parsers by long schema name to curl - 2 upvotes, $0
  76. Heap Buffer Overflow (READ of size 1) in ourWriteOut to curl - 2 upvotes, $0
  77. Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080 to curl - 2 upvotes, $0
  78. Integer overflow in "header_append" function to curl - 2 upvotes, $0
  79. curl on Windows can be forced to execute code via OpenSSL environment variables to curl - 2 upvotes, $0
  80. Binary output bypass to curl - 2 upvotes, $0
  81. CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster to curl - 2 upvotes, $0
  82. Cookie injection from non-secure context to curl - 2 upvotes, $0
  83. Heap overflow via HTTP/2 PUSH_PROMISE to curl - 2 upvotes, $0
  84. Credential leak when use two url to curl - 2 upvotes, $0
  85. CVE-2022-42916: HSTS bypass via IDN to curl - 2 upvotes, $0
  86. CVE-2023-28321: IDN wildcard match to curl - 2 upvotes, $0
  87. Insecure Frame (External) to curl - 1 upvotes, $0
  88. Parallel upload hangs curl if upload file not found to curl - 1 upvotes, $0
  89. CVE-2020-8285: FTP wildcard stack overflow to curl - 1 upvotes, $0
  90. libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823 to curl - 1 upvotes, $0
  91. Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time to curl - 1 upvotes, $0
  92. Division by zero if terminal width is 2 to curl - 1 upvotes, $0
  93. Unexpected access to process open files via file:///proc/self/fd/n to curl - 1 upvotes, $0
  94. use after free in cookie.c to curl - 1 upvotes, $0
  95. Potential invocation of qsort on uninitialized memory during cookie save to curl - 1 upvotes, $0
  96. Resource leak when using a normal site as DOH server to curl - 1 upvotes, $0
  97. Buffer write overflow when forming dns over http request to curl - 1 upvotes, $0
  98. Integer overflow at line 1603 in the src/operator.c file to curl - 1 upvotes, $0
  99. huge COLUMNS causes progress-bar to buffer overflow to curl - 1 upvotes, $0
  100. Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c to curl - 1 upvotes, $0
  101. Proxy-Authorization header carried to a new host on a redirect to curl - 1 upvotes, $0
  102. Occasional use-after-free in multi_done() libcurl-7.81.0 to curl - 1 upvotes, $0
  103. Use of Unsafe function || Strcpy to curl - 1 upvotes, $0
  104. curl proceeds with unsafe connections when -K file can't be read to curl - 1 upvotes, $0
  105. Certificate authentication re-use on redirect to curl - 1 upvotes, $0
  106. error parse uri path in curl to curl - 1 upvotes, $0
  107. KRB-FTP: Security level downgrade to curl - 1 upvotes, $0
  108. curl "globbing" can lead to denial of service attacks to curl - 1 upvotes, $0
  109. Port and service scanning on localhost due to improper URL validation. to curl - 0 upvotes, $0
  110. Data race conditions reported by helgrind when performing parallel DNS queries in libcurl to curl - 0 upvotes, $0
  111. Only OpenSSL handles a CRL when passed in via CApath to curl - 0 upvotes, $0
  112. curl successfully matches IP address literal in URL against IP address literal in certificate Common Name to curl - 0 upvotes, $0
  113. Curl_auth_create_plain_message integer overflow leads to heap buffer overflow to curl - 0 upvotes, $0
  114. curl still vulnerable to SMB access smuggling via FILE URL on Windows to curl - 0 upvotes, $0
  115. Incorrect IPv6 literal parsing leads to validated connection to unexpected https server. to curl - 0 upvotes, $0
  116. Double-free of `trailers_buf` on `Curl_http_compile_trailers()` failure to curl - 0 upvotes, $0
  117. match to curl - 0 upvotes, $0
  118. Integer overflows in unescape_word() to curl - 0 upvotes, $0