431 matches found
Astra Linux – Vulnerability in curl
A authentication bypass vulnerability exists in libcurl version 8.0.0, particularly in the connection reuse feature. This vulnerability allows for the reuse of previously established connections with incorrect user permissions, due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION...
Astra Linux – Vulnerability in curl
libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...
CLSA-2026-1779098432 Fix CVE(s): CVE-2026-5773
SECURITY UPDATE: wrong SMB connection reused due to missing share comparison - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS by replacing connkeep with connclose in smbconnect lib/smb.c - CVE-2026-5773...
SUSE-SU-2026:1940-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...
curl: Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context to persist across transfers
Summary: libcurl's connection pool match logic does not include the CURLOPTHAPROXYPROTOCOL setting or the CURLOPTHAPROXYCLIENTIP value in its connection match key. Two transfers issued through the same Curleasy or via a shared connection cache CURLLOCKDATACONNECT therefore share one TCP connectio...
wrong reuse of HTTP Negotiate connection
...
connection reuse ignores TLS requirement
...
curl: CVE-2026-8932: incomplete mTLS config matching in conn reuse
Hi all, This report and my multiple subsequent ones may come as a surprise, as I was assured that curl now had zero vulnerabilities in it. Nonetheless, I think the CVE-2022-27782 fix "TLS and SSH connection too eager reuse", commit f18af4f874 2022-05-09, "tls: check more TLS details for connectio...
EUVD-2026-29923
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...
EUVD-2026-29924
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
CVE-2026-5773
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
ALPINE-CVE-2026-5545
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...
CVE-2026-5545
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...
ALPINE-CVE-2026-5773
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-5773
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
CVE-2026-5773
CVE-2026-5773 affects libcurl and involves a logical error in the SMB connection reuse pool. The code could reuse an existing SMB connection to the same server but with a different share, potentially causing the wrong file to be downloaded or a file to be uploaded to the wrong location, while cre...
CVE-2026-5773 wrong reuse of SMB connection
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
CVE-2026-5773
libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...
CVE-2026-5545
CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...