CVE-2025-14017

Medium CVSS: 6.3

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,
changing TLS options in one thread would inadvertently change them globally
and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could
unintentionally disable the feature for other threads as well.

Vendor

Haxx

Product

Curl

CWE

NVD-CWE-Other

Yayın Tarihi

2026-01-08 10:15:45

Güncelleme

2026-01-27 21:29:39

Source Identifier

2499f714-1537-4658-8207-48ae4bb9eae9

KEV Date Added

Kategoriler

NVD-CWE-Other Curl MEDIUM Haxx 2026

Referanslar

https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json http://www.openwall.com/lists/oss-security/2026/01/07/3

Benzer Kayıtlar

Medium

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl…

Medium

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses diffe…

High

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already free…

Medium

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r…

Medium

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl…

Low

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly s…