Astra Linux - уязвимость в curl

Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

UBUNTU-CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

JLSEC-2025-23 Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when se...

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

SUSE CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

SUSE CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

Amazon Linux 2 : curl (ALAS-2021-1693)

The version of curl installed on the remote host is prior to 7.76.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1693 advisory. A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl...

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

libcurl 资源管理错误漏洞

libcurl is a tool for transferring data from or to a server. A resource management error vulnerability exists in libcurl that stems from the presence of a logic error that could cause libcurl to reuse the wrong connection...

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

ALPINE-CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

DEBIAN-CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

SUSE SLES12 Security Update : curl (SUSE-SU-2020:2444-1)

This update for curl fixes the following issues : An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPTCONNECTONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the...

CVE-2020-8231

A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPTCONNECTONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data...

UBUNTU-CVE-2020-8231

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

curl: Connect-only connections can use the wrong connection

Summary: If a connect-only easy handle is not read from or written to, its connection can time out and be closed. If a new connection is created it can be allocated at the same address, causing the easy handle to use the new connection. This new connection may not be connected to the same server ...