rpm package
suse/curl&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3784 | Med | 6.5 | | < 8.14.1-150600.4.40.1 | 8.14.1-150600.4.40.1 | Mar 11, 2026 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection. |
| CVE-2026-3805 | — | | | < 8.14.1-150600.4.40.1 | 8.14.1-150600.4.40.1 | Mar 11, 2026 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. |
| CVE-2026-3783 | — | | | < 8.14.1-150600.4.40.1 | 8.14.1-150600.4.40.1 | Mar 11, 2026 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .ne |
| CVE-2026-1965 | — | | | < 8.14.1-150600.4.40.1 | 8.14.1-150600.4.40.1 | Mar 11, 2026 | libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connectio |