libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different services.
libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.
When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Haxx | 7.46.0 (including) | 8.20.0 (excluding) |
| Curl | Ubuntu | devel | * |
| Curl | Ubuntu | esm-infra/bionic | * |
| Curl | Ubuntu | esm-infra/focal | * |
| Curl | Ubuntu | jammy | * |
| Curl | Ubuntu | noble | * |
| Curl | Ubuntu | questing | * |
| Curl | Ubuntu | resolute | * |
| Curl | Ubuntu | upstream | * |