<p>Upgrade <code>Debian:10</code> <code>curl</code> to version 7.36.0-1 or higher.</p>

Improper Authentication Affecting curl package, versions <7.36.0-1

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.62% (79^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN10-CURL-358399
published 15 Apr 2014
disclosed 15 Apr 2014

Report a new vulnerability Found a mistake?

Introduced: 15 Apr 2014

CVE-2014-0138 Open this link in a new tab CWE-287 Open this link in a new tab

How to fix?

Upgrade Debian:10 curl to version 7.36.0-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.