Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/06 7:51 p.m.4 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...

8.3CVSS6AI score0.00408EPSS
Exploits1References2
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS0.00408EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:17 a.m.7 views

EUVD-2026-41493

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

5.8AI score0.00408EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:17 a.m.51 views

CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

0.00408EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Curl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure

The version of curl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6AI score0.00408EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS6AI score0.00408EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.8 views

CURL-CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51754

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where libcurl may send request data on a new connection before enforcing certificate verification failure. This occurs when a user first connects to a legitimate HTTP/3 server...

9.8CVSS5.8AI score0.0108EPSS
Exploits12References46
Hacker One
Hacker One
added 2026/05/21 10:58 a.m.6 views

curl: CVE-2026-9545: exposing HTTP/3 early data

Summary: When the ngtcp2 HTTP/3 backend reuses a TLS session that advertises early data support, cfngtcp2onsessionreuse initializes the HTTP/3 connection state and marks the connection filter as connected before the new QUIC/TLS handshake has completed. The request send path can then reach...

7.5CVSS6AI score0.00408EPSS
Exploits1
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-249 Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when...

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...

5.9CVSS6.9AI score0.54026EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.19 views

SUSE CVE-2025-64763

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

5.3CVSS6.8AI score0.00282EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/13 6:54 p.m.11 views

CVE-2025-64763

A flaw was found in Envoy. This vulnerability allows a de-synchronized CONNECT tunnel state via accepting client data before issuing a 2xx response and forwarding it to the upstream TCP Transmission Control Protocol connection when configured in TCP Transmission Control Protocol proxy mode to...

5.3CVSS6.1AI score0.00282EPSS
Exploits0References4
OSV
OSV
added 2025/12/06 11:38 a.m.4 views

BIT-ENVOY-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

5.3CVSS6.7AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 6:12 p.m.7 views

EUVD-2025-201099

Envoy forwards early CONNECT data in TCP proxy mode...

5.3CVSS6.4AI score0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/03 6:13 p.m.2 views

CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

3.7CVSS6.4AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder