An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (OpenLDAP only).
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
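
A simplified model of the connection-reuse decision described above, added here as an illustration and not taken from curl's source. The struct, function names and sample values are hypothetical; it contrasts an endpoint-only match with one that also compares the credentials set for the transfer.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a connection cache; all names are hypothetical, not curl's. */
struct conn {
    const char *host;
    int port;
    const char *bearer; /* OAuth2 token this connection authenticated with */
};

static int same_str(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b; /* equal only when both are unset */
    return strcmp(a, b) == 0;
}

/* check_creds == 0: endpoint-only match, the flawed behaviour described above.
   check_creds != 0: the token set for this transfer must also equal the one
   the cached connection authenticated with, otherwise the caller gets NULL
   and has to open and authenticate a new connection. */
const struct conn *find_reusable(const struct conn *pool, size_t n,
                                 const char *host, int port,
                                 const char *bearer, int check_creds)
{
    for (size_t i = 0; i < n; i++) {
        if (pool[i].port != port || !same_str(pool[i].host, host))
            continue;
        if (check_creds && !same_str(pool[i].bearer, bearer))
            continue;
        return &pool[i];
    }
    return NULL;
}

/* Constructed sample: one cached IMAPS connection authenticated as user A. */
static const struct conn sample_pool[] = {
    { "imap.example.test", 993, "token-of-user-A" },
};

int main(void)
{
    const struct conn *c;
    c = find_reusable(sample_pool, 1, "imap.example.test", 993, "token-of-user-B", 0);
    printf("endpoint-only match: %s\n", c ? c->bearer : "new connection");
    c = find_reusable(sample_pool, 1, "imap.example.test", 993, "token-of-user-B", 1);
    printf("credential-aware match: %s\n", c ? c->bearer : "new connection");
    return 0;
}
```
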
Name | Vendor | Start Version | End Version |
---|---|---|---|
Curl | Haxx | 7.33.0 (including) | 7.83.0 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | curl-0:7.61.1-22.el8_6.3 | * |
Red Hat Enterprise Linux 9 | RedHat | curl-0:7.76.1-14.el9_0.4 | * |
Curl | Ubuntu | bionic | * |
Curl | Ubuntu | devel | * |
Curl | Ubuntu | esm-infra-legacy/trusty | * |
Curl | Ubuntu | esm-infra/xenial | * |
Curl | Ubuntu | focal | * |
Curl | Ubuntu | impish | * |
Curl | Ubuntu | jammy | * |
Curl | Ubuntu | trusty/esm | * |
Curl | Ubuntu | upstream | * |