UBUNTU-CVE-2024-11053
- Source
- https://ubuntu.com/security/CVE-2024-11053
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-11053.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-11053
- Related
- Published
- 2024-12-11T00:00:00Z
- Modified
- 2025-01-13T10:24:48Z
- Summary
- [none]
- Details
-
When asked to both use a
.netrcfile for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. - References
Affected packages
Ubuntu:Pro:14.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm18?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
7.35.0-1ubuntu2.20+esm18
Ubuntu:Pro:16.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm13?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
7.47.0-1ubuntu2.19+esm13
Ubuntu:Pro:18.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.24+esm5?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4
7.58.0-2ubuntu3.24+esm5
Ubuntu:20.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.25?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.68.0-1ubuntu2.25
Affected versions
7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19
7.68.0-1ubuntu2.20
7.68.0-1ubuntu2.21
7.68.0-1ubuntu2.22
7.68.0-1ubuntu2.23
7.68.0-1ubuntu2.24
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "curl"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.25",
"binary_name": "libcurl4-openssl-dev"
}
],
"priority_reason": "curl developers have rated this issue as low severity"
}
Ubuntu:22.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.20?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.20
Affected versions
7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
7.81.0-1ubuntu1.18
7.81.0-1ubuntu1.19
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.20",
"binary_name": "libcurl4-openssl-dev"
}
],
"priority_reason": "curl developers have rated this issue as low severity"
}
Ubuntu:24.10 / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.9.1-2ubuntu2.2?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.9.1-2ubuntu2.2
Affected versions
8.*
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.8.0-1ubuntu1
8.8.0-3ubuntu3
8.9.1-2ubuntu1
8.9.1-2ubuntu2
8.9.1-2ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "curl"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl3t64-gnutls-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl4t64"
},
{
"binary_version": "8.9.1-2ubuntu2.2",
"binary_name": "libcurl4t64-dbgsym"
}
],
"priority_reason": "curl developers have rated this issue as low severity"
}
Ubuntu:24.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.6
Affected versions
8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.5.0-2ubuntu10.2
8.5.0-2ubuntu10.3
8.5.0-2ubuntu10.4
8.5.0-2ubuntu10.5
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl3t64-gnutls-dbgsym"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl4t64"
},
{
"binary_version": "8.5.0-2ubuntu10.6",
"binary_name": "libcurl4t64-dbgsym"
}
],
"priority_reason": "curl developers have rated this issue as low severity"
}