A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NApple macOS
OSApple< 12.3Debian
OSDebian10.011.09.0Fedora Project Fedora
OSFedoraproject3335Haxx Curl
APPHaxx7.20.0 – 7.79.0 (bez)Netapp Cloud Backup
APPNetappwszystkie wersjeNetapp Clustered Data Ontap
APPNetappwszystkie wersjeNetapp H300e
HWNetappwszystkie wersjeNetapp H300e Firmware
OSNetappwszystkie wersjeNetapp H300s
HWNetappwszystkie wersjeNetapp H300s Firmware
OSNetappwszystkie wersjeNetapp H410s
HWNetappwszystkie wersjeNetapp H410s Firmware
OSNetappwszystkie wersjeNetapp H500e
HWNetappwszystkie wersjeNetapp H500e Firmware
OSNetappwszystkie wersjeNetapp H500s
HWNetappwszystkie wersjeNetapp H500s Firmware
OSNetappwszystkie wersjeNetapp H700e
HWNetappwszystkie wersjeNetapp H700e Firmware
OSNetappwszystkie wersjeNetapp H700s
HWNetappwszystkie wersjeNetapp H700s Firmware
OSNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Solidfire Baseboard Management Controller
HWNetappwszystkie wersjeNetapp Solidfire Baseboard Management Controller Firmware
OSNetappwszystkie wersjeOracle Commerce Guided Search
APPOracle11.3.2Oracle Communications Cloud Native Core Binding Support Function
APPOracle1.11.022.1.3Oracle Communications Cloud Native Core Console
APPOracle22.2.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment
APPOracle1.10.0Oracle Communications Cloud Native Core Network Repository Function
APPOracle1.15.01.15.122.1.022.2.0
Related vulnerabilities
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)