Lucene search
+L

34 matches found

redhat
redhat
added 2026/07/02 3:43 p.m.2 views

libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References7
osv
osv
added 2026/05/13 8:27 a.m.2 views

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS7AI score0.00414EPSS
Exploits1References5
osv
osv
added 2026/05/04 1:12 p.m.5 views

JLSEC-2026-432 libcurl accidentally skips the certificate verification for QUIC connections when connecting to a...

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References6
osv
osv
added 2026/05/04 1:12 p.m.10 views

JLSEC-2026-415 libcurl skips the certificate verification for a QUIC connection under certain conditions, when...

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

6.3CVSS7.3AI score0.01709EPSS
Exploits1References14
nessus
nessus
added 2026/01/14 12:0 a.m.3 views

MiracleLinux 3 : curl-7.15.5-9.AXS3 (AXSA:2010-170:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-170:01 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...

6.8CVSS7.4AI score0.04408EPSS
Exploits0References2
nessus
nessus
added 2025/12/19 12:0 a.m.7 views

RockyLinux 8 : curl (RLSA-2025:23383)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23383 advisory. curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the RockyLinux security...

7.5CVSS6.4AI score0.01301EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-2413

Malware in sbrugna...

7.5CVSS4.7AI score0.03602EPSS
Exploits0References33
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1518

Malware in sbrugna...

9.1CVSS9AI score0.06224EPSS
Exploits0References16
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3571

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00748EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-47336

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.04296EPSS
Exploits1References5
nessus
nessus
added 2025/08/07 12:0 a.m.4 views

CBL Mariner 2.0 Security Update: cmake / mysql (CVE-2025-4947)

The version of cmake / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References2
nessus
nessus
added 2025/08/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-5399

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop...

7.5CVSS6.5AI score0.01226EPSS
Exploits1References2
hackerone
hackerone
added 2025/07/09 3:4 a.m.18 views

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Summary: A Use-After-Free UAF vulnerability exists in libcurl when the OpenSSL SSLCTXsetkeylogcallback is set. The callback may be invoked after the associated SSL object has been freed via SSLfree, leading to access to a dangling pointer and potential crash or information leak via SSLgetexdata...

7.3AI score
Exploits0
nessus
nessus
added 2025/06/26 12:0 a.m.6 views

Curl 8.13.0 < 8.14.1 DoS (CVE-2025-5399)

The version of Curl installed on the remote host is is missing security update. It is, therefore, affected by a denial of service vulnerability. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless...

7.5CVSS6.9AI score0.01226EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/06/07 7:49 a.m.8 views

CVE-2025-5399 WebSocket endless loop

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

7.6AI score0.01226EPSS
Exploits1References3
hackerone
hackerone
added 2025/05/30 3:38 a.m.312 views

curl: CVE-2025-5399: WebSocket endless loop

The function curlwssend in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not properly handled, leading to the function failing to terminate. This vulnerability was discovered in the...

7.5CVSS7.2AI score0.01226EPSS
Exploits1
nessus
nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-27538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH...

7.7CVSS6.7AI score0.01162EPSS
Exploits1References2
nessus
nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2023-27536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect us...

5.9CVSS6.6AI score0.01566EPSS
Exploits1References2
nessus
nessus
added 2025/02/20 12:0 a.m.16 views

Tenable Identity Exposure < 3.77.9 Multiple Vulnerabilities (TNS-2025-01)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.9. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2025-01, including the following: - libcurl would wrongly close the same eventfd file descriptor twice when taking down a...

7.7CVSS7.1AI score0.01404EPSS
Exploits5References11
attackerkb
attackerkb
added 2025/02/05 10:15 a.m.2 views

CVE-2025-0665

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve...

9.8CVSS5.8AI score0.01253EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder