Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2~bpo13%2B1
purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2~bpo13%2B1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-2cx5-1qnw-uufj curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication CVE-2026-1965
VCID-2szj-xvgq-pkfr curl: QUIC certificate check bypass with wolfSSL CVE-2024-2379
VCID-5xp7-mcsa-uqd4 When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. CVE-2025-14819
VCID-6we4-n888-6qhe libcurl: Buffer Overflow in libcurl via zlib Integer Overflow CVE-2025-0725
VCID-8zks-th64-33b8 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse CVE-2026-3784
VCID-etzn-uhck-h7b2 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect CVE-2026-3783
VCID-ksap-zrmb-ebcu curl: predictable WebSocket mask CVE-2025-10148
VCID-mkyr-w79c-qqfz curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers CVE-2025-14017
VCID-nvzd-v3bs-6qek When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. CVE-2025-15079
VCID-qpux-jh6k-8qhx curl: Curl missing SFTP host verification with wolfSSH backend CVE-2025-10966
VCID-vbbv-k1r7-kkas When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. CVE-2025-15224
VCID-x57x-w8g8-7ybz When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:13:26.041368+00:00 Debian Importer Fixing VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:00:11.192565+00:00 Debian Importer Fixing VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:46:53.885865+00:00 Debian Importer Fixing VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:48.338887+00:00 Debian Importer Fixing VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:33:51.065493+00:00 Debian Importer Fixing VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:26:41.819529+00:00 Debian Importer Fixing VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:43:54.867111+00:00 Debian Importer Fixing VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:24:08.920905+00:00 Debian Importer Fixing VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:18:21.307824+00:00 Debian Importer Fixing VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:40.166577+00:00 Debian Importer Fixing VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:00:40.719742+00:00 Debian Importer Fixing VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:48:23.212757+00:00 Debian Importer Fixing VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:21:43.851875+00:00 Debian Importer Fixing VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:11:49.980130+00:00 Debian Importer Fixing VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:17:42.749020+00:00 Debian Importer Fixing VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:48.167227+00:00 Debian Importer Fixing VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:08:06.029241+00:00 Debian Importer Fixing VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:45.645459+00:00 Debian Importer Fixing VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:29:41.326638+00:00 Debian Importer Fixing VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:16:33.635011+00:00 Debian Importer Fixing VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:13:06.027935+00:00 Debian Importer Fixing VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:20.365820+00:00 Debian Importer Fixing VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:02:30.214300+00:00 Debian Importer Fixing VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:55:02.781494+00:00 Debian Importer Fixing VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:14:44.140455+00:00 Debian Importer Fixing VCID-qpux-jh6k-8qhx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:14:08.229873+00:00 Debian Importer Fixing VCID-5xp7-mcsa-uqd4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:25.606989+00:00 Debian Importer Fixing VCID-2cx5-1qnw-uufj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:50.845035+00:00 Debian Importer Fixing VCID-ksap-zrmb-ebcu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:10:06.183198+00:00 Debian Importer Fixing VCID-nvzd-v3bs-6qek https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:36.578075+00:00 Debian Importer Fixing VCID-etzn-uhck-h7b2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:18.418275+00:00 Debian Importer Fixing VCID-vbbv-k1r7-kkas https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:07:54.274067+00:00 Debian Importer Fixing VCID-mkyr-w79c-qqfz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:31.044492+00:00 Debian Importer Fixing VCID-2szj-xvgq-pkfr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:16.141746+00:00 Debian Importer Fixing VCID-x57x-w8g8-7ybz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:03:34.362471+00:00 Debian Importer Fixing VCID-8zks-th64-33b8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:48.297859+00:00 Debian Importer Fixing VCID-6we4-n888-6qhe https://security-tracker.debian.org/tracker/data/json 38.1.0