cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libcurl | Haxx | 7.10.6 (including) | 7.10.6 (including) |
| Libcurl | Haxx | 7.10.7 (including) | 7.10.7 (including) |
| Libcurl | Haxx | 7.10.8 (including) | 7.10.8 (including) |
| Libcurl | Haxx | 7.11.0 (including) | 7.11.0 (including) |
| Libcurl | Haxx | 7.11.1 (including) | 7.11.1 (including) |
| Libcurl | Haxx | 7.11.2 (including) | 7.11.2 (including) |
| Libcurl | Haxx | 7.12.0 (including) | 7.12.0 (including) |
| Libcurl | Haxx | 7.12.1 (including) | 7.12.1 (including) |
| Libcurl | Haxx | 7.12.2 (including) | 7.12.2 (including) |
| Libcurl | Haxx | 7.12.3 (including) | 7.12.3 (including) |
| Libcurl | Haxx | 7.13.0 (including) | 7.13.0 (including) |
| Libcurl | Haxx | 7.13.1 (including) | 7.13.1 (including) |
| Libcurl | Haxx | 7.13.2 (including) | 7.13.2 (including) |
| Libcurl | Haxx | 7.14.0 (including) | 7.14.0 (including) |
| Libcurl | Haxx | 7.14.1 (including) | 7.14.1 (including) |
| Libcurl | Haxx | 7.15.0 (including) | 7.15.0 (including) |
| Libcurl | Haxx | 7.15.1 (including) | 7.15.1 (including) |
| Libcurl | Haxx | 7.15.2 (including) | 7.15.2 (including) |
| Libcurl | Haxx | 7.15.3 (including) | 7.15.3 (including) |
| Libcurl | Haxx | 7.15.4 (including) | 7.15.4 (including) |
| Libcurl | Haxx | 7.15.5 (including) | 7.15.5 (including) |
| Libcurl | Haxx | 7.16.0 (including) | 7.16.0 (including) |
| Libcurl | Haxx | 7.16.1 (including) | 7.16.1 (including) |
| Libcurl | Haxx | 7.16.2 (including) | 7.16.2 (including) |
| Libcurl | Haxx | 7.16.3 (including) | 7.16.3 (including) |
| Libcurl | Haxx | 7.16.4 (including) | 7.16.4 (including) |
| Libcurl | Haxx | 7.17.0 (including) | 7.17.0 (including) |
| Libcurl | Haxx | 7.17.1 (including) | 7.17.1 (including) |
| Libcurl | Haxx | 7.18.0 (including) | 7.18.0 (including) |
| Libcurl | Haxx | 7.18.1 (including) | 7.18.1 (including) |
| Libcurl | Haxx | 7.18.2 (including) | 7.18.2 (including) |
| Libcurl | Haxx | 7.19.0 (including) | 7.19.0 (including) |
| Libcurl | Haxx | 7.19.1 (including) | 7.19.1 (including) |
| Libcurl | Haxx | 7.19.2 (including) | 7.19.2 (including) |
| Libcurl | Haxx | 7.19.3 (including) | 7.19.3 (including) |
| Libcurl | Haxx | 7.19.4 (including) | 7.19.4 (including) |
| Libcurl | Haxx | 7.19.5 (including) | 7.19.5 (including) |
| Libcurl | Haxx | 7.19.6 (including) | 7.19.6 (including) |
| Libcurl | Haxx | 7.19.7 (including) | 7.19.7 (including) |
| Libcurl | Haxx | 7.20.0 (including) | 7.20.0 (including) |
| Libcurl | Haxx | 7.20.1 (including) | 7.20.1 (including) |
| Libcurl | Haxx | 7.21.0 (including) | 7.21.0 (including) |
| Libcurl | Haxx | 7.21.1 (including) | 7.21.1 (including) |
| Libcurl | Haxx | 7.21.2 (including) | 7.21.2 (including) |
| Libcurl | Haxx | 7.21.3 (including) | 7.21.3 (including) |
| Libcurl | Haxx | 7.21.4 (including) | 7.21.4 (including) |
| Libcurl | Haxx | 7.21.5 (including) | 7.21.5 (including) |
| Libcurl | Haxx | 7.21.6 (including) | 7.21.6 (including) |
| Libcurl | Haxx | 7.21.7 (including) | 7.21.7 (including) |
| Libcurl | Haxx | 7.22.0 (including) | 7.22.0 (including) |
| Libcurl | Haxx | 7.23.0 (including) | 7.23.0 (including) |
| Libcurl | Haxx | 7.23.1 (including) | 7.23.1 (including) |
| Libcurl | Haxx | 7.24.0 (including) | 7.24.0 (including) |
| Libcurl | Haxx | 7.25.0 (including) | 7.25.0 (including) |
| Libcurl | Haxx | 7.26.0 (including) | 7.26.0 (including) |
| Libcurl | Haxx | 7.27.0 (including) | 7.27.0 (including) |
| Libcurl | Haxx | 7.28.0 (including) | 7.28.0 (including) |
| Libcurl | Haxx | 7.28.1 (including) | 7.28.1 (including) |
| Libcurl | Haxx | 7.29.0 (including) | 7.29.0 (including) |
| Libcurl | Haxx | 7.30.0 (including) | 7.30.0 (including) |
| Libcurl | Haxx | 7.31.0 (including) | 7.31.0 (including) |
| Libcurl | Haxx | 7.32.0 (including) | 7.32.0 (including) |
| Libcurl | Haxx | 7.33.0 (including) | 7.33.0 (including) |
| Libcurl | Haxx | 7.34.0 (including) | 7.34.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | curl-0:7.19.7-37.el6_5.3 | * |
| Curl | Ubuntu | devel | * |
| Curl | Ubuntu | lucid | * |
| Curl | Ubuntu | precise | * |
| Curl | Ubuntu | quantal | * |
| Curl | Ubuntu | saucy | * |
| Curl | Ubuntu | upstream | * |