CVE-2011-2192 — Libcurl vulnerability

CWE-2559 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Apple MAC OS X Haxx Libcurl +3 more

Timeline

PublishedJul 7

Latest updateMay 13

Description

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDhaxx/libcurl7.10.6 — 7.21.6

▶Debianhaxx/curl< 7.21.6-2+3

▶NVDapple/mac_os_x< 10.7.3

Also affects: Debian Linux 5.0, 6.0, 7.0, Fedora 14, 15, Ubuntu Linux 10.04, 10.10, 11.04, 8.04

🔴Vulnerability Details

GHSA

GHSA-2jvc-33pv-cq2m: The Curl_input_negotiate function in http_negotiate↗2022-05-13

▶

CVEList

CVE-2011-2192: The Curl_input_negotiate function in http_negotiate↗2011-07-07

▶

OSV

CVE-2011-2192: The Curl_input_negotiate function in http_negotiate↗2011-07-07

▶

📋Vendor Advisories

Ubuntu

curl vulnerabilities↗2011-06-24

▶

Red Hat

curl: Improper delegation of client credentials during GSS negotiation↗2011-06-23

▶

Debian

CVE-2011-2192: curl - The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through ...↗2011

▶

💬Community

Bugzilla

CVE-2011-2192 curl: Improper delegation of client credentials during GSS negotiation [fedora-all]↗2011-06-23

▶

Bugzilla

CVE-2011-2192 curl: Improper delegation of client credentials during GSS negotiation↗2011-06-07

▶