|
2186 | 2186 | } |
2187 | 2187 | ] |
2188 | 2188 | }, |
| 2189 | + { |
| 2190 | + "id": "CVE-2025-10966", |
| 2191 | + "details": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", |
| 2192 | + "aliases": ["CURL-CVE-2025-10966"], |
| 2193 | + "modified": "<RFC3339 date with the year 2026>", |
| 2194 | + "published": "2025-11-07T08:15:39.617Z", |
| 2195 | + "references": [ |
| 2196 | + { |
| 2197 | + "type": "FIX", |
| 2198 | + "url": "https://curl.se/docs/CVE-2025-10966.html" |
| 2199 | + }, |
| 2200 | + { |
| 2201 | + "type": "ADVISORY", |
| 2202 | + "url": "https://curl.se/docs/CVE-2025-10966.json" |
| 2203 | + }, |
| 2204 | + { |
| 2205 | + "type": "EVIDENCE", |
| 2206 | + "url": "https://hackerone.com/reports/3355218" |
| 2207 | + }, |
| 2208 | + { |
| 2209 | + "type": "ARTICLE", |
| 2210 | + "url": "http://www.openwall.com/lists/oss-security/2025/11/05/2" |
| 2211 | + } |
| 2212 | + ], |
| 2213 | + "affected": [ |
| 2214 | + { |
| 2215 | + "ranges": [ |
| 2216 | + { |
| 2217 | + "type": "GIT", |
| 2218 | + "repo": "https://github.com/curl/curl", |
| 2219 | + "events": [ |
| 2220 | + { |
| 2221 | + "introduced": "b8d1366852fd0034374c5de1e4968c7a224f77cc" |
| 2222 | + }, |
| 2223 | + { |
| 2224 | + "fixed": "400fffa90f30c7a2dc762fa33009d24851bd2016" |
| 2225 | + } |
| 2226 | + ] |
| 2227 | + } |
| 2228 | + ], |
| 2229 | + "versions": 53, |
| 2230 | + "database_specific": "<Any value>" |
| 2231 | + } |
| 2232 | + ], |
| 2233 | + "schema_version": "1.7.3", |
| 2234 | + "severity": [ |
| 2235 | + { |
| 2236 | + "type": "CVSS_V3", |
| 2237 | + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" |
| 2238 | + } |
| 2239 | + ] |
| 2240 | + }, |
| 2241 | + { |
| 2242 | + "id": "CVE-2025-14524", |
| 2243 | + "details": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", |
| 2244 | + "aliases": ["CURL-CVE-2025-14524"], |
| 2245 | + "modified": "<RFC3339 date with the year 2026>", |
| 2246 | + "published": "2026-01-08T10:15:46.607Z", |
| 2247 | + "related": ["MGASA-2026-0003"], |
| 2248 | + "references": [ |
| 2249 | + { |
| 2250 | + "type": "FIX", |
| 2251 | + "url": "https://curl.se/docs/CVE-2025-14524.html" |
| 2252 | + }, |
| 2253 | + { |
| 2254 | + "type": "ADVISORY", |
| 2255 | + "url": "https://curl.se/docs/CVE-2025-14524.json" |
| 2256 | + }, |
| 2257 | + { |
| 2258 | + "type": "EVIDENCE", |
| 2259 | + "url": "https://hackerone.com/reports/3459417" |
| 2260 | + }, |
| 2261 | + { |
| 2262 | + "type": "ARTICLE", |
| 2263 | + "url": "http://www.openwall.com/lists/oss-security/2026/01/07/4" |
| 2264 | + } |
| 2265 | + ], |
| 2266 | + "affected": [ |
| 2267 | + { |
| 2268 | + "ranges": [ |
| 2269 | + { |
| 2270 | + "type": "GIT", |
| 2271 | + "repo": "https://github.com/curl/curl", |
| 2272 | + "events": [ |
| 2273 | + { |
| 2274 | + "introduced": "f77e89c5d20db09eaebf378ec036a7e796932810" |
| 2275 | + }, |
| 2276 | + { |
| 2277 | + "fixed": "2eebc58c4b8d68c98c8344381a9f6df4cca838fd" |
| 2278 | + } |
| 2279 | + ] |
| 2280 | + } |
| 2281 | + ], |
| 2282 | + "versions": 109, |
| 2283 | + "database_specific": "<Any value>" |
| 2284 | + } |
| 2285 | + ], |
| 2286 | + "schema_version": "1.7.3", |
| 2287 | + "severity": [ |
| 2288 | + { |
| 2289 | + "type": "CVSS_V3", |
| 2290 | + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" |
| 2291 | + } |
| 2292 | + ] |
| 2293 | + }, |
| 2294 | + { |
| 2295 | + "id": "CVE-2025-14819", |
| 2296 | + "details": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", |
| 2297 | + "aliases": ["CURL-CVE-2025-14819"], |
| 2298 | + "modified": "<RFC3339 date with the year 2026>", |
| 2299 | + "published": "2026-01-08T10:15:46.730Z", |
| 2300 | + "related": ["MGASA-2026-0003"], |
| 2301 | + "references": [ |
| 2302 | + { |
| 2303 | + "type": "FIX", |
| 2304 | + "url": "https://curl.se/docs/CVE-2025-14819.html" |
| 2305 | + }, |
| 2306 | + { |
| 2307 | + "type": "ARTICLE", |
| 2308 | + "url": "http://www.openwall.com/lists/oss-security/2026/01/07/5" |
| 2309 | + }, |
| 2310 | + { |
| 2311 | + "type": "ADVISORY", |
| 2312 | + "url": "https://curl.se/docs/CVE-2025-14819.json" |
| 2313 | + } |
| 2314 | + ], |
| 2315 | + "affected": [ |
| 2316 | + { |
| 2317 | + "ranges": [ |
| 2318 | + { |
| 2319 | + "type": "GIT", |
| 2320 | + "repo": "https://github.com/curl/curl", |
| 2321 | + "events": [ |
| 2322 | + { |
| 2323 | + "introduced": "c12fb3ddaf48e709a7a4deaa55ec485e4df163ee" |
| 2324 | + }, |
| 2325 | + { |
| 2326 | + "fixed": "2eebc58c4b8d68c98c8344381a9f6df4cca838fd" |
| 2327 | + } |
| 2328 | + ] |
| 2329 | + } |
| 2330 | + ], |
| 2331 | + "versions": 34, |
| 2332 | + "database_specific": "<Any value>" |
| 2333 | + } |
| 2334 | + ], |
| 2335 | + "schema_version": "1.7.3", |
| 2336 | + "severity": [ |
| 2337 | + { |
| 2338 | + "type": "CVSS_V3", |
| 2339 | + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" |
| 2340 | + } |
| 2341 | + ] |
| 2342 | + }, |
| 2343 | + { |
| 2344 | + "id": "CVE-2025-15079", |
| 2345 | + "details": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", |
| 2346 | + "aliases": ["CURL-CVE-2025-15079"], |
| 2347 | + "modified": "<RFC3339 date with the year 2026>", |
| 2348 | + "published": "2026-01-08T10:15:47.100Z", |
| 2349 | + "related": ["MGASA-2026-0003"], |
| 2350 | + "references": [ |
| 2351 | + { |
| 2352 | + "type": "FIX", |
| 2353 | + "url": "https://curl.se/docs/CVE-2025-15079.html" |
| 2354 | + }, |
| 2355 | + { |
| 2356 | + "type": "ADVISORY", |
| 2357 | + "url": "https://curl.se/docs/CVE-2025-15079.json" |
| 2358 | + }, |
| 2359 | + { |
| 2360 | + "type": "EVIDENCE", |
| 2361 | + "url": "https://hackerone.com/reports/3477116" |
| 2362 | + }, |
| 2363 | + { |
| 2364 | + "type": "ARTICLE", |
| 2365 | + "url": "http://www.openwall.com/lists/oss-security/2026/01/07/6" |
| 2366 | + } |
| 2367 | + ], |
| 2368 | + "affected": [ |
| 2369 | + { |
| 2370 | + "ranges": [ |
| 2371 | + { |
| 2372 | + "type": "GIT", |
| 2373 | + "repo": "https://github.com/curl/curl", |
| 2374 | + "events": [ |
| 2375 | + { |
| 2376 | + "introduced": "d6c21c8eec597a925d2b647cff3d58ac69de01a0" |
| 2377 | + }, |
| 2378 | + { |
| 2379 | + "fixed": "2eebc58c4b8d68c98c8344381a9f6df4cca838fd" |
| 2380 | + } |
| 2381 | + ] |
| 2382 | + } |
| 2383 | + ], |
| 2384 | + "versions": 73, |
| 2385 | + "database_specific": "<Any value>" |
| 2386 | + } |
| 2387 | + ], |
| 2388 | + "schema_version": "1.7.3", |
| 2389 | + "severity": [ |
| 2390 | + { |
| 2391 | + "type": "CVSS_V3", |
| 2392 | + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" |
| 2393 | + } |
| 2394 | + ] |
| 2395 | + }, |
| 2396 | + { |
| 2397 | + "id": "CVE-2025-15224", |
| 2398 | + "details": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", |
| 2399 | + "aliases": ["CURL-CVE-2025-15224"], |
| 2400 | + "modified": "<RFC3339 date with the year 2026>", |
| 2401 | + "published": "2026-01-08T10:15:47.207Z", |
| 2402 | + "related": ["MGASA-2026-0003"], |
| 2403 | + "references": [ |
| 2404 | + { |
| 2405 | + "type": "FIX", |
| 2406 | + "url": "https://curl.se/docs/CVE-2025-15224.html" |
| 2407 | + }, |
| 2408 | + { |
| 2409 | + "type": "ADVISORY", |
| 2410 | + "url": "https://curl.se/docs/CVE-2025-15224.json" |
| 2411 | + }, |
| 2412 | + { |
| 2413 | + "type": "EVIDENCE", |
| 2414 | + "url": "https://hackerone.com/reports/3480925" |
| 2415 | + }, |
| 2416 | + { |
| 2417 | + "type": "ARTICLE", |
| 2418 | + "url": "http://www.openwall.com/lists/oss-security/2026/01/07/7" |
| 2419 | + } |
| 2420 | + ], |
| 2421 | + "affected": [ |
| 2422 | + { |
| 2423 | + "ranges": [ |
| 2424 | + { |
| 2425 | + "type": "GIT", |
| 2426 | + "repo": "https://github.com/curl/curl", |
| 2427 | + "events": [ |
| 2428 | + { |
| 2429 | + "introduced": "d6c21c8eec597a925d2b647cff3d58ac69de01a0" |
| 2430 | + }, |
| 2431 | + { |
| 2432 | + "fixed": "2eebc58c4b8d68c98c8344381a9f6df4cca838fd" |
| 2433 | + } |
| 2434 | + ] |
| 2435 | + } |
| 2436 | + ], |
| 2437 | + "versions": 73, |
| 2438 | + "database_specific": "<Any value>" |
| 2439 | + } |
| 2440 | + ], |
| 2441 | + "schema_version": "1.7.3", |
| 2442 | + "severity": [ |
| 2443 | + { |
| 2444 | + "type": "CVSS_V3", |
| 2445 | + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" |
| 2446 | + } |
| 2447 | + ] |
| 2448 | + }, |
2189 | 2449 | { |
2190 | 2450 | "id": "CVE-2025-5025", |
2191 | 2451 | "details": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", |
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments