When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
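
To check whether a given netrc file meets the precondition described above, the following added example (not code from curl or from this advisory) scans netrc text and reports every default entry that sets neither login nor password. The function name, the tokenizer and the sample input are assumptions made for illustration; the tokenizer is a simplified reading of the netrc format, not curl's parser.

```python
import re

# One token is either a double-quoted string or a run of non-whitespace.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
VALUE_KEYWORDS = ("machine", "login", "password", "account", "macdef")

def risky_default_entries(netrc_text):
    """Return the 1-based line numbers of `default` entries that
    set neither `login` nor `password`."""
    entries = []       # one dict per machine/default entry
    current = None     # entry that login/password tokens attach to
    pending = None     # keyword still waiting for its value
    in_macro = False   # inside a macdef body (ends at a blank line)
    for lineno, line in enumerate(netrc_text.splitlines(), 1):
        if in_macro:
            in_macro = bool(line.strip())
            continue
        if line.lstrip().startswith("#"):
            continue
        for tok in TOKEN.findall(line):
            if pending:
                # This token is a value, even if it spells a keyword.
                if pending in ("login", "password") and current is not None:
                    current[pending] = True
                if pending == "macdef":
                    in_macro = True
                pending = None
            elif tok == "default" or tok == "machine":
                current = {"kind": tok, "line": lineno,
                           "login": False, "password": False}
                entries.append(current)
                pending = "machine" if tok == "machine" else None
            elif tok in VALUE_KEYWORDS:
                pending = tok
    return [e["line"] for e in entries
            if e["kind"] == "default" and not e["login"] and not e["password"]]

# Constructed sample, not taken from the advisory.
SAMPLE = (
    "# constructed sample netrc\n"
    "machine a.example.com login alice password s3cret\n"
    "default\n"
)

if __name__ == "__main__":
    for n in risky_default_entries(SAMPLE):
        print(f"line {n}: default entry without login and password")
```

A hit only means the file has the shape the advisory names; whether credentials can leak also depends on running an affected curl (last affected version 8.11.1 per the record below) with netrc use and redirect following enabled.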
{ "www": "https://curl.se/docs/CVE-2025-0167.html", "URL": "https://curl.se/docs/CVE-2025-0167.json", "CWE": { "desc": "Exposure of Sensitive Information to an Unauthorized Actor", "id": "CWE-200" }, "affects": "both", "last_affected": "8.11.1", "issue": "https://hackerone.com/reports/2917232", "award": { "amount": "505", "currency": "USD" }, "severity": "Low", "package": "curl" }
{ "vanir_signatures": [ { "id": "CURL-CVE-2025-0167-15d6fd1f", "digest": { "line_hashes": [ "20458848727035232539463676160844715969", "90706272737080507433274527716916664546", "16917327258350909374225622337481945083", "95294599251604326993271975417061449667", "69955327080921055285093850767477732234", "68948961411026234800199585682669406206", "191585321479983056735666444989778000369" ], "threshold": 0.9 }, "target": { "file": "lib/netrc.c" }, "source": "https://github.com/curl/curl.git/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb", "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "id": "CURL-CVE-2025-0167-9ba894d6", "digest": { "length": 3446.0, "function_hash": "7801934723948004267281319048702801809" }, "target": { "function": "parsenetrc", "file": "lib/netrc.c" }, "source": "https://github.com/curl/curl.git/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb", "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }