How to get Microsoft patch update for CURL version 8.13

Tanmoy Banerjee 36 Reputation points
2025-04-23T14:43:11.31+00:00

Hi team,

Our security vulnerability scan is showing the threat below. How can we get a Microsoft patch update for curl version 8.13, or overcome this threat? I've manually installed curl 8.13 and changed the system variable path, but it is still showing as vulnerable.

Threat:

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

Affected version

from curl 7.10.5 to 8.11.1 before 8.12.0

QID Detection logic

QID checks for the curl.exe affected versions as vulnerable utilising the uninstall registry key for Installer specific applications

QID checks for the curl.exe affected versions as vulnerable utilising the deepscan feature to traverse the file paths %windir%\System32\curl.exe Version is 8.9.1.0

%windir%\SysWOW64\curl.exe Version is 8.9.1.0#

Windows Server 2019

1 answer

  1. Vahid Ghafarpour 23,285 Reputation points Moderator
    2025-04-23T16:09:06.4933333+00:00

    Windows ships its own version of curl.exe (as of Windows 10 and later), and that version is managed by Windows Update, not by your custom installs. Unfortunately, vulnerability scanners don't care about the version in your PATH; they directly check the built-in ones.

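The following PowerShell is an added example, not part of the original thread. It lists the curl.exe copies under %windir% that the QID's file check reads, alongside any copy resolved through PATH, and flags file versions inside the range quoted in the question. The output property names and the use of the file version resource as the curl version are assumptions of this example; like the scanner's check, it does not inspect the zlib version.

```powershell
# Added example: compare every curl.exe the scanner or the shell could see.
# Run from a 64-bit PowerShell session; a 32-bit session redirects System32 to SysWOW64.
$firstAffected = [version]'7.10.5'   # "from curl 7.10.5" in the scan text
$firstFixed    = [version]'8.12.0'   # "before 8.12.0" in the scan text

# Paths named in the QID detection logic.
$candidates = @(
    (Join-Path $env:windir 'System32\curl.exe'),
    (Join-Path $env:windir 'SysWOW64\curl.exe')
)

# Every curl.exe reachable through PATH, e.g. a manual install placed ahead of System32.
$candidates += Get-Command curl.exe -All -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Path

$report = foreach ($path in ($candidates | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $info = (Get-Item -LiteralPath $path).VersionInfo
    if (-not $info.FileVersion) {
        # No version resource: report it rather than guessing a version.
        [pscustomobject]@{ Path = $path; FileVersion = 'unknown'; InAffectedRange = $null; UnderWindir = $false }
        continue
    }

    # Build the numeric version (e.g. 8.9.1.0) from the file's version resource.
    $ver = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                          $info.FileBuildPart, $info.FilePrivatePart)

    [pscustomobject]@{
        Path            = $path
        FileVersion     = $ver
        # True when firstAffected <= version < firstFixed.
        InAffectedRange = ($ver -ge $firstAffected -and $ver -lt $firstFixed)
        # Copies under %windir% are the built-in ones the answer says Windows Update manages.
        UnderWindir     = $path.StartsWith($env:windir, [StringComparison]::OrdinalIgnoreCase)
    }
}

$report | Format-Table -AutoSize
```

A row with `UnderWindir` true and `InAffectedRange` true is the copy the scan keeps reporting, regardless of which curl.exe PATH resolves first.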
