VYPR
Unrated severityNVD Advisory· Published Jul 7, 2011· Updated Jun 16, 2026

CVE-2011-2192

CVE-2011-2192

Description

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • Curl/Libcurl2 versions
    cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*range: >=7.10.6,<=7.21.6
    • (no CPE)range: >=7.10.6 <=7.21.6
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <10.7.3
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
  • Curl/Curlllm-fuzzy
    Range: >=7.10.6 <=7.21.6

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.