Bugs fixes in "curl"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-5773 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen | 2026-07-10 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-10 |
| CVE | CVE-2026-5773 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen | 2026-07-10 |
| CVE | CVE-2026-12064 | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl | 2026-07-10 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-10 |
| CVE | CVE-2026-12064 | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl | 2026-07-10 |
| CVE | CVE-2026-11586 | By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a | 2026-07-10 |
| CVE | CVE-2026-11564 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th | 2026-07-10 |
| CVE | CVE-2026-11352 | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. | 2026-07-10 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-10 |
| CVE | CVE-2026-5773 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen | 2026-07-09 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-09 |
| CVE | CVE-2026-5773 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen | 2026-07-09 |
| CVE | CVE-2026-12064 | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl | 2026-07-09 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-09 |
| CVE | CVE-2026-12064 | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl | 2026-07-09 |
| CVE | CVE-2026-11586 | By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a | 2026-07-09 |
| CVE | CVE-2026-11564 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th | 2026-07-09 |
| CVE | CVE-2026-11352 | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. | 2026-07-09 |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | 2026-07-09 |
About
-
Send Feedback to @ubuntu_updates