The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "curl" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl3" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl3-gnutls" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl3-nss" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl4-gnutls-dev" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl4-nss-dev" }, { "binary_version": "7.35.0-1ubuntu2.6", "binary_name": "libcurl4-openssl-dev" } ] }