PT-2025-37032 · Curl+11
Daniel Stenberg
·
Published
2025-01-01
·
Updated
2026-05-18
·
CVE-2025-9086
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Debian 11 (bullseye) curl package versions prior to 7.74.0-1.3+deb11u16
curl (upstream affected version range not specified on this page)
Description
curl contains an out-of-bounds read in its cookie path comparison logic. The trigger sequence is: a cookie is set with the Secure attribute for an HTTPS site; curl is then redirected to (or otherwise made to talk to) the plain-HTTP site of the same name, which sets a cookie of the same name with a path of '/'. A flaw in the path comparison that decides whether the insecure cookie may replace the existing secure one makes curl read beyond the end of a heap buffer. Depending on what lies past that buffer, the result is a crash or an insecure site overriding the contents of the secure cookie. Exploitation requires the attacker to control the HTTP site with the same name as the HTTPS site, or to hold a Man-in-the-Middle (MITM) position on the HTTP connection.
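The check the description refers to, as a simplified model added here to illustrate the bug class. This is not curl's cookie.c: the struct, the function names, the stored-path normalisation (trailing slash dropped, so "/" is kept as the empty string) and the sample paths are all assumptions made for this example. It places a buggy form, which derives a compare length by scanning the existing cookie's path from offset 1 and so steps past the terminating NUL for a root-path Secure cookie (the heap over-read is counted here rather than performed), beside a hardened form that applies the RFC 6265bis "Leave Secure Cookies Alone" rule with explicit lengths.

```c
/* Simplified model of the bug class named above (added example, not curl's
   code). An insecure cookie must not overlay an existing Secure cookie. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cookie {
    const char *name;
    char *spath;   /* sanitized Path; "/" is stored as "" (assumption) */
    size_t splen;  /* strlen(spath), kept so every read can be bounds-checked */
    int secure;    /* 1 if set with the Secure attribute */
};

/* Normalise a Path attribute: default to "/" when it does not start with a
   slash, then drop one trailing slash. The root path therefore becomes "",
   which is what makes a scan that starts at offset 1 dangerous. */
static char *sanitize_path(const char *path, size_t *out_len)
{
    size_t len = strlen(path);
    if (len == 0 || path[0] != '/') { path = "/"; len = 1; }
    if (path[len - 1] == '/') len--;
    char *out = malloc(len + 1);
    if (!out) abort();
    memcpy(out, path, len);
    out[len] = '\0';
    *out_len = len;
    return out;
}

/* Reads past a path's terminating NUL are counted here instead of touching
   neighbouring heap memory, so the buggy check can be run safely. */
static int oob_reads;

static int read_at(const struct cookie *c, size_t i)
{
    if (i > c->splen) { oob_reads++; return 0; }  /* heap over-read in real code */
    return (unsigned char)c->spath[i];
}

/* BUGGY: take the existing cookie's first path segment by scanning for '/'
   from offset 1 (skipping the leading slash). For a Secure cookie set with
   Path=/ the stored path is "", so the scan begins one byte past the NUL
   and the length, and with it the verdict, depends on adjacent memory. */
static int overlays_secure_buggy(const struct cookie *old, const struct cookie *new_c)
{
    if (!old->secure || new_c->secure) return 0;
    size_t i = 1;
    while (read_at(old, i) != '\0' && read_at(old, i) != '/')
        i++;
    size_t cllen = i;  /* separator position, or end of string */
    return strncmp(old->spath, new_c->spath, cllen) == 0;
}

/* RFC 6265 path-match with explicit lengths: cookie-path cp matches
   request-path req when equal, or when cp is a prefix of req ending on a
   '/' boundary. The stored root path "" is a prefix of every path. */
static int path_matches(const char *req, size_t rlen, const char *cp, size_t clen)
{
    if (clen > rlen || memcmp(req, cp, clen) != 0) return 0;
    return rlen == clen || req[clen] == '/';
}

/* FIXED: refuse an insecure cookie whose path path-matches an existing
   Secure cookie's path. No pointer moves past a NUL; the root path is
   handled by the length arithmetic, not by skipping a byte. */
static int overlays_secure_fixed(const struct cookie *old, const struct cookie *new_c)
{
    if (!old->secure || new_c->secure) return 0;
    return path_matches(new_c->spath, new_c->splen, old->spath, old->splen);
}

/* Scenario: a Secure cookie "session" exists for old_path, then the same
   name is set over plain HTTP with new_path. Returns 1 if the insecure
   cookie is refused (secure cookie left alone), 0 if it is accepted. */
static int secure_cookie_kept(const char *old_path, const char *new_path, int use_fixed)
{
    struct cookie old = { "session", NULL, 0, 1 };
    struct cookie new_c = { "session", NULL, 0, 0 };
    old.spath = sanitize_path(old_path, &old.splen);
    new_c.spath = sanitize_path(new_path, &new_c.splen);
    int refused = use_fixed ? overlays_secure_fixed(&old, &new_c)
                            : overlays_secure_buggy(&old, &new_c);
    free(old.spath);
    free(new_c.spath);
    return refused;
}

int main(void)
{
    /* Constructed scenarios: existing Secure path, then insecure path. */
    const char *cases[][2] = { {"/", "/"}, {"/", "/login"}, {"/login", "/"},
                               {"/login", "/login/x"}, {"/login", "/loginx"} };
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        oob_reads = 0;
        int b = secure_cookie_kept(cases[k][0], cases[k][1], 0);
        int o = oob_reads;
        int f = secure_cookie_kept(cases[k][0], cases[k][1], 1);
        printf("secure %-7s then insecure %-9s buggy=%d (oob reads %d) fixed=%d\n",
               cases[k][0], cases[k][1], b, o, f);
    }
    return 0;
}
```

Running the scenarios shows the two properties that matter for review: every path comparison in the hardened form stays within the stored length (the over-read counter remains zero), and for an existing root-path Secure cookie the buggy form both reads past the buffer and, for a deeper insecure path such as /login, lets the insecure cookie through where the RFC rule refuses it. The model also covers the general rule beyond the single case in the text: the "/login" versus "/loginx" pair shows why the prefix must end on a segment boundary.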
Recommendations
On Debian 11 (bullseye), upgrade the curl package to 7.74.0-1.3+deb11u16 or later.
On other distributions, upgrade to the latest curl version available from the vendor.
Exploit
Fix
DoS
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
CentOS
Debian
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
curl