PT-2014-1828 · Curl+4 · Libcurl+5

Publicado

2014-03-26

Atualizado

2026-05-18

CVE-2014-0138

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions cURL and libcurl versions 7.10.6 through 7.36.0

Description The default configuration in cURL and libcurl re-uses connections for various protocols, which might allow context-dependent attackers to connect as other users via a request. This issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For versions 7.10.6 through 7.36.0, update to version 7.36.0 or later to resolve the issue. As a temporary workaround, consider disabling the re-use of connections for SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS protocols until a patch is available. Restrict access to sensitive information and resources to minimize the risk of exploitation.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-305

Identificadores relacionados

ALT-PU-2014-1419

BDU:2015-06304

BDU:2015-06305

BDU:2015-09087

BDU:2015-09088

BDU:2015-09763

CESA-2014_0561

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2014-0138

DSA-2902-1

MGASA-2014-0153

OPENSUSE-SU-2024:10303-1

RHSA-2014:0561

RHSA-2014_0561

SUSE-SU-2014_0691-1

SUSE-SU-2015:0962-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Curl

Libcurl

PT-2014-1828 · Curl+4 · Libcurl+5

CVE-2014-0138

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 329