Unrated severityNVD Advisory· Published Apr 15, 2014· Updated May 6, 2026
CVE-2014-0138
CVE-2014-0138
Description
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Affected products
131cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*+ 64 more
- cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*+ 64 more
- cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- curl.haxx.se/docs/adv_20140326A.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-04/msg00042.htmlnvd
- seclists.org/fulldisclosure/2014/Dec/23nvd
- secunia.com/advisories/57836nvd
- secunia.com/advisories/57966nvd
- secunia.com/advisories/57968nvd
- secunia.com/advisories/58615nvd
- secunia.com/advisories/59458nvd
- www-01.ibm.com/support/docview.wssnvd
- www-947.ibm.com/support/entry/portal/docdisplaynvd
- www.debian.org/security/2014/dsa-2902nvd
- www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/nvd
- www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/nvd
- www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/nvd
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
- www.securityfocus.com/archive/1/534161/100/0/threadednvd
- www.ubuntu.com/usn/USN-2167-1nvd
- www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvd
News mentions
0No linked articles in our index yet.