Successfully using libcurl to do a transfer to a specific HTTP origin
(hostA) with Digest authentication and then changing the origin to a
different one (hostB) for a second transfer, reusing the same handle, makes
libcurl wrongly pass on the Authorization: header field meant for hostA,
to hostB.
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Haxx | 7.10.6 (including) | 8.21.0 (excluding) |
| Red Hat Hardened Images | RedHat | rust-main-1.96.1-1.hum1 | * |
| Curl | Ubuntu | devel | * |
| Curl | Ubuntu | esm-infra-legacy/trusty | * |
| Curl | Ubuntu | esm-infra-legacy/xenial | * |
| Curl | Ubuntu | esm-infra/bionic | * |
| Curl | Ubuntu | esm-infra/focal | * |
| Curl | Ubuntu | jammy | * |
| Curl | Ubuntu | noble | * |
| Curl | Ubuntu | questing | * |
| Curl | Ubuntu | resolute | * |
| Curl | Ubuntu | upstream | * |