A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPT_REFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.18.0-1ubuntu2.1"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.18.0-1ubuntu2.1"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.18.0-1ubuntu2.1"
}
],
"priority_reason": "Upstream defined this as low severity"
}