ROS-20220516-09

Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors
for SASL-enabled protocols such as SMPTP(S), IMAP(S), POP3(S), and LDAP(S) (openldap only).
Exploitation of the vulnerability could allow an attacker acting remotely to reuse the
OAUTH2 authenticated connections without properly verifying that the connection has been
authenticated with the same credentials set for that transmission

The cURL command-line utility vulnerability is related to application attempts to perform redirects during the
during the authentication process, and does not treat different port numbers or protocols as separate targets for
authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a
redirect to a different protocol port number, and thus cause cURL to allow such a
redirection and pass the credentials

A vulnerability in the cURL command line utility is related to mismanagement of internal resources when working with the IPv6 protocol.
IPv6 protocol. Exploitation of the vulnerability could allow an attacker acting remotely,
cause an improper connection where one transmission uses a zone identifier and a subsequent transmission uses a different (or no) zone identifier.
transmission uses a different (or no) zone identifier

The cURL command-line utility vulnerability involves leaking authentication data or cookie headers during HTTP redirection.
cookie during HTTP redirection to the same host but with a different port number. Exploitation of the vulnerability
could allow an attacker acting remotely to mistakenly send the same set of headers to hosts
that are identical to the first but use a different port number or URL scheme