UbuntuUpdates.org

Bugs fixes in "curl"

Origin Bug number Title Date fixed
CVE CVE-2026-5773 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen 2026-07-10
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-10
CVE CVE-2026-5773 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen 2026-07-10
CVE CVE-2026-12064 When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl 2026-07-10
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-10
CVE CVE-2026-12064 When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl 2026-07-10
CVE CVE-2026-11586 By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a 2026-07-10
CVE CVE-2026-11564 libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th 2026-07-10
CVE CVE-2026-11352 An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. 2026-07-10
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-10
CVE CVE-2026-5773 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen 2026-07-09
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-09
CVE CVE-2026-5773 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen 2026-07-09
CVE CVE-2026-12064 When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl 2026-07-09
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-09
CVE CVE-2026-12064 When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl 2026-07-09
CVE CVE-2026-11586 By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a 2026-07-09
CVE CVE-2026-11564 libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th 2026-07-09
CVE CVE-2026-11352 An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. 2026-07-09
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR 2026-07-09



About   -   Send Feedback to @ubuntu_updates