CVE-2025-0167
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-0167
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0167.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-0167
- Aliases
- Downstream
- Related
- Published
- 2025-02-05T10:15:22Z
- Modified
- 2025-10-10T05:00:44.404178Z
- Summary
- [none]
- Details
-
When asked to use a
.netrcfile for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.This flaw only manifests itself if the netrc file has a
defaultentry that omits both login and password. A rare circumstance. - References
Affected packages
Git / github.com/curl/curl
Affected versions
Other
curl-7_76_0
curl-7_76_1
curl-7_77_0
curl-7_78_0
curl-7_79_0
curl-7_79_1
curl-7_80_0
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1
curl-8_10_0
curl-8_10_1
curl-8_11_0
curl-8_11_1
curl-8_1_0
curl-8_1_1
curl-8_1_2
curl-8_2_0
curl-8_2_1
curl-8_3_0
curl-8_4_0
curl-8_5_0
curl-8_6_0
curl-8_7_0
curl-8_7_1
curl-8_8_0
curl-8_9_0
curl-8_9_1