Lucene search
K

4 matches found

Hacker One
Hacker One
added 2023/03/20 7:44 a.m.65 views

Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability was found in libcurl that allowed the reuse of a previously created SSH connection even when an SSH related option had been changed that should have prohibited reuse. This was due to two SSH settings being left out from the configuration match checks, making them match too easily...

5.5CVSS6.9AI score0.01162EPSS
Exploits1
Hacker One
Hacker One
added 2023/03/20 7:42 a.m.97 views

Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use

A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...

5.9CVSS7.2AI score0.01566EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2023/03/20 12:0 a.m.73 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9CVSS6.8AI score0.01607EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2022/05/11 8:0 a.m.7 views

TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and...

7.5CVSS6.6AI score0.02596EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder