VYPR

rpm package

suse/curl&distro=SUSE Linux Enterprise Server 15 SP5-LTSS

pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Vulnerabilities (8)

  • CVE-2026-3784 | Med | Mar 11, 2026
    affected < 8.14.1-150400.5.80.1 | fixed 8.14.1-150400.5.80.1

    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

  • CVE-2026-3805 | Mar 11, 2026
    affected < 8.14.1-150400.5.80.1 | fixed 8.14.1-150400.5.80.1

    When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

  • CVE-2026-3783 | Mar 11, 2026
    affected < 8.14.1-150400.5.80.1 | fixed 8.14.1-150400.5.80.1

    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .ne

  • CVE-2026-1965 | Mar 11, 2026
    affected < 8.14.1-150400.5.80.1 | fixed 8.14.1-150400.5.80.1

    libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connectio

  • CVE-2025-9086 | Hig | Sep 12, 2025
    affected < 8.14.1-150400.5.69.1 | fixed 8.14.1-150400.5.69.1

    1. A cookie is set using the `secure` keyword for `https://target`
    2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set
    3. The same cookie name is set - but with just a slash as path

  • CVE-2025-10148 | Sep 12, 2025
    affected < 8.14.1-150400.5.69.1 | fixed 8.14.1-150400.5.69.1

    curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traf

  • CVE-2025-0725 | Feb 5, 2025
    affected < 8.0.1-150400.5.62.1 | fixed 8.0.1-150400.5.62.1

    When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

  • CVE-2025-0167 | Feb 5, 2025
    affected < 8.0.1-150400.5.62.1 | fixed 8.0.1-150400.5.62.1

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both l