{"id":"USN-8084-1","summary":"curl vulnerabilities","details":"Zhicheng Chen discovered that curl could incorrectly reuse the wrong\nconnection for Negotiate-authenticated HTTP or HTTPS requests. This could\nresult in the use of credentials from a different connection, contrary to\nexpectations. (CVE-2026-1965)\n\nIt was discovered that curl incorrectly leaked OAuth2 bearer tokens when\nfollowing a redirect. This could result in tokens being sent to the wrong\nhost, contrary to expectations. (CVE-2026-3783)\n\nMuhamad Arga Reksapati discovered that curl incorrectly reused existing\nHTTP proxy connections even if the request used different credentials. This\ncould result in the use of incorrect credentials, contrary to expectations.\n(CVE-2026-3784)\n\nDaniel Wade discovered that curl incorrectly handled certain memory\noperations when doing a second SMB request to the same host. An attacker\ncould use this issue to cause curl to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. This issue only affected\nUbuntu 25.10. (CVE-2026-3805)\n\nYihang Zhou discovered that curl incorrectly reused .netrc file credentials\nwhen following redirects. This could result in the use of credentials for\na different host, contrary to expectations. This issue only affected Ubuntu\n22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-0167)","modified":"2026-04-27T18:47:20.575043315Z","published":"2026-03-11T12:11:15Z","related":["UBUNTU-CVE-2025-0167","UBUNTU-CVE-2026-1965","UBUNTU-CVE-2026-3783","UBUNTU-CVE-2026-3784","UBUNTU-CVE-2026-3805"],"upstream":["CVE-2025-0167","CVE-2026-1965","CVE-2026-3783","CVE-2026-3784","CVE-2026-3805","UBUNTU-CVE-2025-0167","UBUNTU-CVE-2026-1965","UBUNTU-CVE-2026-3783","UBUNTU-CVE-2026-3784","UBUNTU-CVE-2026-3805"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8084-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-0167"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-1965"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3783"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3784"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3805"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.23?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.81.0-1ubuntu1.23"}]}],"versions":["7.74.0-1.3ubuntu2","7.74.0-1.3ubuntu3","7.80.0-3","7.81.0-1","7.81.0-1ubuntu1.1","7.81.0-1ubuntu1.2","7.81.0-1ubuntu1.3","7.81.0-1ubuntu1.4","7.81.0-1ubuntu1.6","7.81.0-1ubuntu1.7","7.81.0-1ubuntu1.8","7.81.0-1ubuntu1.10","7.81.0-1ubuntu1.11","7.81.0-1ubuntu1.13","7.81.0-1ubuntu1.14","7.81.0-1ubuntu1.15","7.81.0-1ubuntu1.16","7.81.0-1ubuntu1.17","7.81.0-1ubuntu1.18","7.81.0-1ubuntu1.19","7.81.0-1ubuntu1.20","7.81.0-1ubuntu1.21","7.81.0-1ubuntu1.22"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.81.0-1ubuntu1.23","binary_name":"curl"},{"binary_version":"7.81.0-1ubuntu1.23","binary_name":"libcurl3-gnutls"},{"binary_version":"7.81.0-1ubuntu1.23","binary_name":"libcurl3-nss"},{"binary_version":"7.81.0-1ubuntu1.23","binary_name":"libcurl4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8084-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2025-0167","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-1965","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3783","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"low"}]}]}}},{"package":{"name":"curl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.8?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.0-2ubuntu10.8"}]}],"versions":["8.2.1-1ubuntu3","8.2.1-1ubuntu3.1","8.4.0-2ubuntu1","8.5.0-2ubuntu1","8.5.0-2ubuntu2","8.5.0-2ubuntu8","8.5.0-2ubuntu9","8.5.0-2ubuntu10","8.5.0-2ubuntu10.1","8.5.0-2ubuntu10.2","8.5.0-2ubuntu10.3","8.5.0-2ubuntu10.4","8.5.0-2ubuntu10.5","8.5.0-2ubuntu10.6","8.5.0-2ubuntu10.7"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"8.5.0-2ubuntu10.8","binary_name":"curl"},{"binary_version":"8.5.0-2ubuntu10.8","binary_name":"libcurl3t64-gnutls"},{"binary_version":"8.5.0-2ubuntu10.8","binary_name":"libcurl4t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8084-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2025-0167","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-1965","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3783","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"low"}]}]}}},{"package":{"name":"curl","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/curl@8.14.1-2ubuntu1.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.14.1-2ubuntu1.2"}]}],"versions":["8.12.1-3ubuntu1","8.13.0-5ubuntu1","8.14.1-1ubuntu2","8.14.1-1ubuntu3","8.14.1-2ubuntu1","8.14.1-2ubuntu1.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"8.14.1-2ubuntu1.2","binary_name":"curl"},{"binary_version":"8.14.1-2ubuntu1.2","binary_name":"libcurl3t64-gnutls"},{"binary_name":"libcurl4t64","binary_version":"8.14.1-2ubuntu1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8084-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2026-1965","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3783","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-3784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-3805","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}