CURL-CVE-2025-14819

Source
https://curl.se/docs/CVE-2025-14819.html
Import Source
https://curl.se/docs/CURL-CVE-2025-14819.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2025-14819
Aliases
  • CVE-2025-14819
Published
2026-01-07T08:00:00Z
Modified
2026-01-09T05:52:16.783336Z
Summary
OpenSSL partial chain store policy bypass
Details

When doing TLS-related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Database specific
{
    "severity": "Low",
    "award": {
        "currency": "USD",
        "amount": "505"
    },
    "URL": "https://curl.se/docs/CVE-2025-14819.json",
    "last_affected": "8.17.0",
    "affects": "lib",
    "package": "curl",
    "www": "https://curl.se/docs/CVE-2025-14819.html",
    "CWE": {
        "desc": "Improper Certificate Validation",
        "id": "CWE-295"
    }
}
References
Credits
    • Stanislav Fort (Aisle Research) - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.87.0
Fixed
8.18.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.87.0
7.88.0
7.88.1

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.10.0
8.10.1
8.11.0
8.11.1
8.12.0
8.12.1
8.13.0
8.14.0
8.14.1
8.15.0
8.16.0
8.17.0
8.2.0
8.2.1
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.8.0
8.9.0
8.9.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CURL-CVE-2025-14819-118b0836",
        "source": "https://github.com/curl/curl.git/commit/cd046f6c93b39d673a58c18648d8906e954c4f5d",
        "signature_type": "Line",
        "target": {
            "file": "lib/vtls/openssl.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 466.0,
            "function_hash": "52407666923541294948176968983100423552"
        },
        "id": "CURL-CVE-2025-14819-94a6565e",
        "source": "https://github.com/curl/curl.git/commit/cd046f6c93b39d673a58c18648d8906e954c4f5d",
        "signature_type": "Function",
        "target": {
            "file": "lib/vtls/openssl.c",
            "function": "ossl_get_cached_x509_store"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 930.0,
            "function_hash": "323178333304777592372588309031391300565"
        },
        "id": "CURL-CVE-2025-14819-c24eced9",
        "source": "https://github.com/curl/curl.git/commit/cd046f6c93b39d673a58c18648d8906e954c4f5d",
        "signature_type": "Function",
        "target": {
            "file": "lib/vtls/openssl.c",
            "function": "ossl_set_cached_x509_store"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 240.0,
            "function_hash": "27738876019811991671499804338568940198"
        },
        "id": "CURL-CVE-2025-14819-e2decdde",
        "source": "https://github.com/curl/curl.git/commit/cd046f6c93b39d673a58c18648d8906e954c4f5d",
        "signature_type": "Function",
        "target": {
            "file": "lib/vtls/openssl.c",
            "function": "ossl_cached_x509_store_different"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

source

"https://curl.se/docs/CURL-CVE-2025-14819.json"