When a libcurl-based application performs transfers over SCP:// or SFTP:// and uses the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an untrusted server. The vulnerability is triggered when the server presents a host key of a type that differs from the key type already recorded for that host in the known_hosts file. Instead of treating this as a mismatch and rejecting it, the callback mechanism does not enforce the restriction, so the connection succeeds without any warning and the application is exposed to a man-in-the-middle attack.
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl4",
"binary_version": "7.81.0-1ubuntu1.25"
}
],
"priority_reason": "Upstream defined this as low severity"
}
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.5.0-2ubuntu10.10"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.5.0-2ubuntu10.10"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.5.0-2ubuntu10.10"
}
],
"priority_reason": "Upstream defined this as low severity"
}
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.14.1-2ubuntu1.4"
}
],
"priority_reason": "Upstream defined this as low severity"
}
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.18.0-1ubuntu2.2"
}
],
"priority_reason": "Upstream defined this as low severity"
}