CVE-2025-0167

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0167

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0167.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-0167

Aliases

CURL-CVE-2025-0167

Related

UBUNTU-CVE-2025-0167

Published

2025-02-05T10:15:22Z

Modified

2025-03-15T11:50:18.065780Z

Summary

[none]

Details

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.

References

Affected packages

Alpine:v3.18 / curl

Package

Name: curl
Purl: pkg:apk/alpine/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.12.0-r0

Affected versions

7.*

7.19.2-r0

7.19.2-r1

7.19.4-r0

7.19.5-r0

7.19.6-r0

7.19.7-r0

7.19.7-r1

7.20.1-r0

7.20.1-r1

7.21.0-r0

7.21.1-r0

7.21.2-r0

7.21.3-r0

7.21.3-r1

7.21.4-r0

7.21.4-r1

7.21.5-r0

7.21.5-r1

7.21.6-r0

7.21.7-r0

7.21.7-r1

7.21.7-r2

7.22.0-r0

7.23.1-r0

7.24.0-r0

7.25.0-r0

7.26.0-r0

7.27.0-r0

7.27.0-r1

7.28.0-r0

7.28.1-r0

7.29.0-r0

7.30.0-r0

7.31.0-r0

7.32.0-r0

7.33.0-r0

7.33.0-r1

7.34.0-r0

7.34.0-r1

7.35.0-r0

7.36.0-r0

7.37.0-r0

7.37.1-r0

7.38.0-r0

7.39.0-r0

7.40.0-r0

7.41.0-r0

7.42.0-r0

7.42.1-r0

7.42.1-r1

7.43.0-r0

7.44.0-r0

7.45.0-r0

7.45.0-r1

7.46.0-r0

7.46.0-r1

7.46.0-r2

7.47.0-r0

7.47.1-r0

7.48.0-r0

7.49.0-r0

7.49.1-r0

7.50.0-r0

7.50.1-r0

7.50.2-r0

7.50.3-r0

7.50.3-r1

7.51.0-r0

7.51.0-r1

7.52.0-r0

7.52.1-r0

7.52.1-r1

7.53.0-r0

7.53.1-r0

7.53.1-r1

7.53.1-r2

7.53.1-r3

7.54.0-r0

7.54.1-r0

7.55.0-r0

7.55.1-r0

7.56.0-r0

7.56.1-r0

7.56.1-r1

7.57.0-r0

7.58.0-r0

7.58.0-r1

7.58.0-r2

7.59.0-r0

7.59.0-r1

7.60.0-r0

7.60.0-r1

7.61.0-r0

7.61.1-r0

7.62.0-r0

7.62.0-r1

7.62.0-r2

7.63.0-r0

7.64.0-r0

7.64.0-r1

7.64.1-r0

7.64.1-r1

7.64.1-r2

7.64.1-r3

7.65.0-r0

7.65.1-r0

7.65.3-r0

7.66.0-r0

7.67.0-r0

7.68.0-r0

7.69.0-r0

7.69.0-r1

7.69.1-r0

7.70.0-r0

7.70.0-r1

7.70.0-r2

7.71.0-r0

7.71.0-r1

7.71.1-r0

7.72.0-r0

7.73.0-r0

7.74.0-r0

7.75.0-r0

7.76.0-r0

7.76.1-r0

7.77.0-r0

7.77.0-r1

7.78.0-r0

7.78.0-r1

7.78.0-r2

7.79.0-r0

7.79.1-r0

7.80.0-r0

7.81.0-r0

7.81.0-r1

7.82.0-r0

7.82.0-r1

7.83.0-r0

7.83.1-r0

7.83.1-r1

7.84.0-r0

7.84.0-r1

7.84.0-r2

7.85.0-r0

7.86.0-r0

7.86.0-r1

7.87.0-r0

7.87.0-r1

7.87.0-r2

7.87.0-r3

7.88.0-r0

7.88.0-r1

7.88.1-r0

7.88.1-r1

8.*

8.0.0-r0

8.0.1-r0

8.0.1-r1

8.0.1-r2

8.1.0-r0

8.1.0-r1

8.1.0-r2

8.1.1-r0

8.1.1-r1

8.1.2-r0

8.2.0-r0

8.2.0-r1

8.2.1-r0

8.3.0-r0

8.4.0-r0

8.5.0-r0

8.9.0-r0

8.9.1-r0

8.9.1-r1

8.11.1-r0

8.11.1-r1

Alpine:v3.19 / curl

Package

Name: curl
Purl: pkg:apk/alpine/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.12.0-r0

Affected versions

7.*

7.19.2-r0

7.19.2-r1

7.19.4-r0

7.19.5-r0

7.19.6-r0

7.19.7-r0

7.19.7-r1

7.20.1-r0

7.20.1-r1

7.21.0-r0

7.21.1-r0

7.21.2-r0

7.21.3-r0

7.21.3-r1

7.21.4-r0

7.21.4-r1

7.21.5-r0

7.21.5-r1

7.21.6-r0

7.21.7-r0

7.21.7-r1

7.21.7-r2

7.22.0-r0

7.23.1-r0

7.24.0-r0

7.25.0-r0

7.26.0-r0

7.27.0-r0

7.27.0-r1

7.28.0-r0

7.28.1-r0

7.29.0-r0

7.30.0-r0

7.31.0-r0

7.32.0-r0

7.33.0-r0

7.33.0-r1

7.34.0-r0

7.34.0-r1

7.35.0-r0

7.36.0-r0

7.37.0-r0

7.37.1-r0

7.38.0-r0

7.39.0-r0

7.40.0-r0

7.41.0-r0

7.42.0-r0

7.42.1-r0

7.42.1-r1

7.43.0-r0

7.44.0-r0

7.45.0-r0

7.45.0-r1

7.46.0-r0

7.46.0-r1

7.46.0-r2

7.47.0-r0

7.47.1-r0

7.48.0-r0

7.49.0-r0

7.49.1-r0

7.50.0-r0

7.50.1-r0

7.50.2-r0

7.50.3-r0

7.50.3-r1

7.51.0-r0

7.51.0-r1

7.52.0-r0

7.52.1-r0

7.52.1-r1

7.53.0-r0

7.53.1-r0

7.53.1-r1

7.53.1-r2

7.53.1-r3

7.54.0-r0

7.54.1-r0

7.55.0-r0

7.55.1-r0

7.56.0-r0

7.56.1-r0

7.56.1-r1

7.57.0-r0

7.58.0-r0

7.58.0-r1

7.58.0-r2

7.59.0-r0

7.59.0-r1

7.60.0-r0

7.60.0-r1

7.61.0-r0

7.61.1-r0

7.62.0-r0

7.62.0-r1

7.62.0-r2

7.63.0-r0

7.64.0-r0

7.64.0-r1

7.64.1-r0

7.64.1-r1

7.64.1-r2

7.64.1-r3

7.65.0-r0

7.65.1-r0

7.65.3-r0

7.66.0-r0

7.67.0-r0

7.68.0-r0

7.69.0-r0

7.69.0-r1

7.69.1-r0

7.70.0-r0

7.70.0-r1

7.70.0-r2

7.71.0-r0

7.71.0-r1

7.71.1-r0

7.72.0-r0

7.73.0-r0

7.74.0-r0

7.75.0-r0

7.76.0-r0

7.76.1-r0

7.77.0-r0

7.77.0-r1

7.78.0-r0

7.78.0-r1

7.78.0-r2

7.79.0-r0

7.79.1-r0

7.80.0-r0

7.81.0-r0

7.81.0-r1

7.82.0-r0

7.82.0-r1

7.83.0-r0

7.83.1-r0

7.83.1-r1

7.84.0-r0

7.84.0-r1

7.84.0-r2

7.85.0-r0

7.86.0-r0

7.86.0-r1

7.87.0-r0

7.87.0-r1

7.87.0-r2

7.87.0-r3

7.88.0-r0

7.88.0-r1

7.88.1-r0

7.88.1-r1

8.*

8.0.0-r0

8.0.1-r0

8.0.1-r1

8.0.1-r2

8.0.1-r3

8.1.0-r0

8.1.0-r1

8.1.0-r2

8.1.0-r3

8.1.1-r0

8.1.1-r1

8.1.2-r0

8.1.2-r1

8.1.2-r2

8.2.0-r0

8.2.0-r1

8.2.1-r0

8.3.0-r0

8.3.0-r1

8.4.0-r0

8.5.0-r0

8.9.0-r0

8.9.1-r0

8.9.1-r1

8.11.1-r0

8.11.1-r1

Alpine:v3.20 / curl

Package

Name: curl
Purl: pkg:apk/alpine/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.12.0-r0

Affected versions

7.*

7.19.2-r0

7.19.2-r1

7.19.4-r0

7.19.5-r0

7.19.6-r0

7.19.7-r0

7.19.7-r1

7.20.1-r0

7.20.1-r1

7.21.0-r0

7.21.1-r0

7.21.2-r0

7.21.3-r0

7.21.3-r1

7.21.4-r0

7.21.4-r1

7.21.5-r0

7.21.5-r1

7.21.6-r0

7.21.7-r0

7.21.7-r1

7.21.7-r2

7.22.0-r0

7.23.1-r0

7.24.0-r0

7.25.0-r0

7.26.0-r0

7.27.0-r0

7.27.0-r1

7.28.0-r0

7.28.1-r0

7.29.0-r0

7.30.0-r0

7.31.0-r0

7.32.0-r0

7.33.0-r0

7.33.0-r1

7.34.0-r0

7.34.0-r1

7.35.0-r0

7.36.0-r0

7.37.0-r0

7.37.1-r0

7.38.0-r0

7.39.0-r0

7.40.0-r0

7.41.0-r0

7.42.0-r0

7.42.1-r0

7.42.1-r1

7.43.0-r0

7.44.0-r0

7.45.0-r0

7.45.0-r1

7.46.0-r0

7.46.0-r1

7.46.0-r2

7.47.0-r0

7.47.1-r0

7.48.0-r0

7.49.0-r0

7.49.1-r0

7.50.0-r0

7.50.1-r0

7.50.2-r0

7.50.3-r0

7.50.3-r1

7.51.0-r0

7.51.0-r1

7.52.0-r0

7.52.1-r0

7.52.1-r1

7.53.0-r0

7.53.1-r0

7.53.1-r1

7.53.1-r2

7.53.1-r3

7.54.0-r0

7.54.1-r0

7.55.0-r0

7.55.1-r0

7.56.0-r0

7.56.1-r0

7.56.1-r1

7.57.0-r0

7.58.0-r0

7.58.0-r1

7.58.0-r2

7.59.0-r0

7.59.0-r1

7.60.0-r0

7.60.0-r1

7.61.0-r0

7.61.1-r0

7.62.0-r0

7.62.0-r1

7.62.0-r2

7.63.0-r0

7.64.0-r0

7.64.0-r1

7.64.1-r0

7.64.1-r1

7.64.1-r2

7.64.1-r3

7.65.0-r0

7.65.1-r0

7.65.3-r0

7.66.0-r0

7.67.0-r0

7.68.0-r0

7.69.0-r0

7.69.0-r1

7.69.1-r0

7.70.0-r0

7.70.0-r1

7.70.0-r2

7.71.0-r0

7.71.0-r1

7.71.1-r0

7.72.0-r0

7.73.0-r0

7.74.0-r0

7.75.0-r0

7.76.0-r0

7.76.1-r0

7.77.0-r0

7.77.0-r1

7.78.0-r0

7.78.0-r1

7.78.0-r2

7.79.0-r0

7.79.1-r0

7.80.0-r0

7.81.0-r0

7.81.0-r1

7.82.0-r0

7.82.0-r1

7.83.0-r0

7.83.1-r0

7.83.1-r1

7.84.0-r0

7.84.0-r1

7.84.0-r2

7.85.0-r0

7.86.0-r0

7.86.0-r1

7.87.0-r0

7.87.0-r1

7.87.0-r2

7.87.0-r3

7.88.0-r0

7.88.0-r1

7.88.1-r0

7.88.1-r1

8.*

8.0.0-r0

8.0.1-r0

8.0.1-r1

8.0.1-r2

8.0.1-r3

8.1.0-r0

8.1.0-r1

8.1.0-r2

8.1.0-r3

8.1.1-r0

8.1.1-r1

8.1.2-r0

8.1.2-r1

8.1.2-r2

8.2.0-r0

8.2.0-r1

8.2.1-r0

8.3.0-r0

8.3.0-r1

8.4.0-r0

8.5.0-r0

8.5.0-r1

8.6.0-r0

8.6.0-r1

8.7.1-r0

8.8.0-r0

8.9.0-r0

8.9.1-r0

8.9.1-r1

8.9.1-r2

8.10.0-r0

8.10.1-r0

8.11.0-r0

8.11.0-r1

8.11.0-r2

8.11.1-r0

8.11.1-r1

Alpine:v3.21 / curl

Package

Name: curl
Purl: pkg:apk/alpine/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.12.0-r0

Affected versions

7.*

7.19.2-r0

7.19.2-r1

7.19.4-r0

7.19.5-r0

7.19.6-r0

7.19.7-r0

7.19.7-r1

7.20.1-r0

7.20.1-r1

7.21.0-r0

7.21.1-r0

7.21.2-r0

7.21.3-r0

7.21.3-r1

7.21.4-r0

7.21.4-r1

7.21.5-r0

7.21.5-r1

7.21.6-r0

7.21.7-r0

7.21.7-r1

7.21.7-r2

7.22.0-r0

7.23.1-r0

7.24.0-r0

7.25.0-r0

7.26.0-r0

7.27.0-r0

7.27.0-r1

7.28.0-r0

7.28.1-r0

7.29.0-r0

7.30.0-r0

7.31.0-r0

7.32.0-r0

7.33.0-r0

7.33.0-r1

7.34.0-r0

7.34.0-r1

7.35.0-r0

7.36.0-r0

7.37.0-r0

7.37.1-r0

7.38.0-r0

7.39.0-r0

7.40.0-r0

7.41.0-r0

7.42.0-r0

7.42.1-r0

7.42.1-r1

7.43.0-r0

7.44.0-r0

7.45.0-r0

7.45.0-r1

7.46.0-r0

7.46.0-r1

7.46.0-r2

7.47.0-r0

7.47.1-r0

7.48.0-r0

7.49.0-r0

7.49.1-r0

7.50.0-r0

7.50.1-r0

7.50.2-r0

7.50.3-r0

7.50.3-r1

7.51.0-r0

7.51.0-r1

7.52.0-r0

7.52.1-r0

7.52.1-r1

7.53.0-r0

7.53.1-r0

7.53.1-r1

7.53.1-r2

7.53.1-r3

7.54.0-r0

7.54.1-r0

7.55.0-r0

7.55.1-r0

7.56.0-r0

7.56.1-r0

7.56.1-r1

7.57.0-r0

7.58.0-r0

7.58.0-r1

7.58.0-r2

7.59.0-r0

7.59.0-r1

7.60.0-r0

7.60.0-r1

7.61.0-r0

7.61.1-r0

7.62.0-r0

7.62.0-r1

7.62.0-r2

7.63.0-r0

7.64.0-r0

7.64.0-r1

7.64.1-r0

7.64.1-r1

7.64.1-r2

7.64.1-r3

7.65.0-r0

7.65.1-r0

7.65.3-r0

7.66.0-r0

7.67.0-r0

7.68.0-r0

7.69.0-r0

7.69.0-r1

7.69.1-r0

7.70.0-r0

7.70.0-r1

7.70.0-r2

7.71.0-r0

7.71.0-r1

7.71.1-r0

7.72.0-r0

7.73.0-r0

7.74.0-r0

7.75.0-r0

7.76.0-r0

7.76.1-r0

7.77.0-r0

7.77.0-r1

7.78.0-r0

7.78.0-r1

7.78.0-r2

7.79.0-r0

7.79.1-r0

7.80.0-r0

7.81.0-r0

7.81.0-r1

7.82.0-r0

7.82.0-r1

7.83.0-r0

7.83.1-r0

7.83.1-r1

7.84.0-r0

7.84.0-r1

7.84.0-r2

7.85.0-r0

7.86.0-r0

7.86.0-r1

7.87.0-r0

7.87.0-r1

7.87.0-r2

7.87.0-r3

7.88.0-r0

7.88.0-r1

7.88.1-r0

7.88.1-r1

8.*

8.0.0-r0

8.0.1-r0

8.0.1-r1

8.0.1-r2

8.0.1-r3

8.1.0-r0

8.1.0-r1

8.1.0-r2

8.1.0-r3

8.1.1-r0

8.1.1-r1

8.1.2-r0

8.1.2-r1

8.1.2-r2

8.2.0-r0

8.2.0-r1

8.2.1-r0

8.3.0-r0

8.3.0-r1

8.4.0-r0

8.5.0-r0

8.5.0-r1

8.6.0-r0

8.6.0-r1

8.7.1-r0

8.8.0-r0

8.8.0-r1

8.9.0-r0

8.9.1-r0

8.9.1-r1

8.9.1-r2

8.10.0-r0

8.10.0-r1

8.10.1-r0

8.11.0-r0

8.11.0-r1

8.11.0-r2

8.11.1-r0

8.11.1-r1

Debian:12 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.88.1-10+deb12u11

Affected versions

7.*

7.88.1-10

7.88.1-10+deb12u1~bpo11+1

7.88.1-10+deb12u1

7.88.1-10+deb12u2

7.88.1-10+deb12u3~bpo11+1

7.88.1-10+deb12u3

7.88.1-10+deb12u4

7.88.1-10+deb12u5~bpo11+1

7.88.1-10+deb12u5

7.88.1-10+deb12u6~bpo11+1

7.88.1-10+deb12u6

7.88.1-10+deb12u7

7.88.1-10+deb12u8

7.88.1-10+deb12u9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.12.0+git20250209.89ed161+ds-1

Affected versions

7.*

7.88.1-10

7.88.1-11

8.*

8.0.1-1~exp1

8.2.1-1

8.2.1-2~bpo12+1

8.2.1-2

8.3.0-1

8.3.0-2~bpo12+1

8.3.0-2~exp1

8.3.0-2

8.3.0-3

8.4.0-1

8.4.0-2~bpo12+1

8.4.0-2

8.5.0-1

8.5.0-1+exp1

8.5.0-2~bpo12+1

8.5.0-2

8.5.0-2+exp1

8.6.0-1

8.6.0-1.1

8.6.0-2

8.6.0-3

8.6.0-3.1~exp1

8.6.0-3.1~exp2

8.6.0-3.1

8.6.0-3.2

8.6.0-4

8.7.1-1

8.7.1-1+exp1

8.7.1-2

8.7.1-3

8.7.1-4

8.7.1-5~bpo12+1

8.7.1-5

8.7.1-5+exp1

8.8.0-1~bpo12+1

8.8.0-1

8.8.0-1+exp1

8.8.0-1+exp2

8.8.0-2

8.8.0-3

8.8.0-4

8.9.0-1

8.9.0-2

8.9.0-3

8.9.1-1

8.9.1-2~bpo12+1

8.9.1-2

8.10.0-1

8.10.0-2

8.10.1-1~bpo12+1

8.10.1-1

8.10.1-2

8.11.0-1

8.11.1-1~bpo12+1

8.11.1-1

8.12.0+git20250209.89ed161+ds-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}