Haxx Vulnerabilities
Comprehensive security vulnerability database for Haxx products
6
1
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-28322 | 3.7 | This vulnerability allows an attacker to potentially send incorrect data during an HTTP POST request if the same connection handle was previously used for a PUT request, which could lead to unexpected application behavior. It mainly affects applications that reuse connection handles without properly resetting them, making it important for developers to be cautious when switching between different types of requests. | haxxcurl | Exploit Available | over 2 years agoMay 26, 2023 |
| CVE-2023-27533 | 8.8 | An attacker can exploit a vulnerability in curl to send malicious commands during TELNET communication, potentially allowing them to execute arbitrary code on the system. This can happen if an application using curl accepts user input without properly checking it, making it particularly risky for applications that rely on user-provided data. | haxxcurl | Exploit Available | almost 3 years agoMar 30, 2023 |
| CVE-2023-23915 | 6.5 | This vulnerability allows an attacker to potentially intercept sensitive information during data transfers because the curl tool may fail to upgrade certain HTTP requests to secure HTTPS when multiple requests are made at the same time. This issue occurs only when using curl versions prior to 7.88.0 and can lead to unprotected data being sent over the internet instead of the intended secure connection. | haxxcurl | Exploit Available | almost 3 years agoFeb 23, 2023 |
| CVE-2022-43551 | 7.5 | An attacker can trick curl into using an insecure HTTP connection instead of the intended secure HTTPS by manipulating the URL with special characters that confuse the software's security checks. This vulnerability occurs when the URL contains IDN characters that are converted to ASCII, allowing the attacker to bypass the HSTS protection that should enforce secure connections. | haxxcurl | Exploit Available | about 3 years agoDec 23, 2022 |
| CVE-2022-32221 | 9.8 | This vulnerability allows an attacker to manipulate data sent in a POST request by exploiting a flaw in how the curl library handles reused connections, potentially leading to the wrong data being sent or causing the application to crash. It occurs when a connection that was previously used for a PUT request is reused for a POST request without properly resetting the data handling, which could happen in applications that frequently switch between these types of requests. | haxxcurl | Exploit Available | about 3 years agoDec 5, 2022 |
| CVE-2022-42916 | 7.5 | This vulnerability allows an attacker to trick curl into using an insecure HTTP connection instead of the intended secure HTTPS connection by manipulating the URL with special characters. This can happen when the URL includes international domain names that get converted to ASCII, making it possible for the attacker to bypass security checks designed to enforce HTTPS. | haxxcurl | Exploit Available | over 3 years agoOct 29, 2022 |
About Haxx Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Haxx products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.