Jump to:

CVE-2024-11053

Jump to:

CVE-2024-11053

Package curl updated to version 8.11.1-alt1 for branch sisyphus_riscv64.

Published: 2024-12-11
Modified: 2025-01-31

CVE-2024-11053

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

References:

http://www.openwall.com/lists/oss-security/2024/12/11/1
www
json
issue
https://security.netapp.com/advisory/ntap-20250124-0012/
https://security.netapp.com/advisory/ntap-20250131-0003/

Version: 2.1.0

Package curl update in sisyphus_riscv64 on 2024-12-11

ALT-PU-2024-16965-1

Closed vulnerabilities

CVE-2024-11053