Impact
A logical error in libcurl causes an application to reuse an existing connection that was authenticated with one service when it should use a different service. The reused connection may thus grant the attacker access to resources belonging to a different authentication domain, effectively bypassing intended access controls. This flaw represents an Improper Authentication weakness that can lead to unauthorized data access and privilege escalation.
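The reuse decision described above, as an added sketch in C that is not libcurl's code: a simplified connection cache whose flawed lookup matches on host and port only, beside a lookup that also compares the authentication state. The struct and function names, the host and the service labels are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a connection cache. Hypothetical types, not libcurl's. */
struct conn    { const char *host; int port; const char *auth_service; };
struct request { const char *host; int port; const char *auth_service; };

/* NULL means "no authentication"; two NULLs compare equal. */
static int same(const char *a, const char *b)
{
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* Flawed: matches on the network endpoint only, so a connection that was
   authenticated for one service satisfies a request meant for another. */
static const struct conn *find_flawed(const struct conn *p, size_t n,
                                      const struct request *rq)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].port == rq->port && same(p[i].host, rq->host))
            return &p[i];
    return NULL;
}

/* Strict: the authentication state is part of the reuse key. */
static const struct conn *find_strict(const struct conn *p, size_t n,
                                      const struct request *rq)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].port == rq->port && same(p[i].host, rq->host) &&
            same(p[i].auth_service, rq->auth_service))
            return &p[i];
    return NULL;
}

/* Constructed sample: one cached connection authenticated for "service-a".
   Returns 1 if a request wanting `wanted` would reuse that connection. */
int would_reuse(int strict, const char *wanted)
{
    const struct conn pool[] = { { "gw.example", 443, "service-a" } };
    const struct request rq = { "gw.example", 443, wanted };
    return (strict ? find_strict(pool, 1, &rq) : find_flawed(pool, 1, &rq)) != NULL;
}

int main(void)
{
    printf("flawed, service-b: %d\n", would_reuse(0, "service-b"));
    printf("strict, service-b: %d\n", would_reuse(1, "service-b"));
    printf("strict, service-a: %d\n", would_reuse(1, "service-a"));
    return 0;
}
```

The strict lookup is deliberately conservative: when the authentication state differs it opens a new connection rather than reusing a cached one.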
Affected Systems
The vulnerability affects the libcurl library (curl:curl). No specific versions are listed in the data, so all installations using this library—particularly those configured to use Negotiate authentication—are potentially impacted.
Risk and Exploitability
Explicit severity metrics are not supplied; the EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog. The attack likely requires the attacker to influence the application’s reuse behavior or to trigger the logical error during a request. Based on the description, the risk can be considered moderate to high, but the exact exploitation probability cannot be quantified without further data.