CVE-2024-11053

Publication date 11 December 2024

Last updated 16 December 2024


Ubuntu priority

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
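The precondition described above can be checked against a host's own netrc files. The following is an added example, not code from curl or Ubuntu: it lists `machine` entries that omit the password or both login and password, which matter when such a hostname is a redirect target. It assumes a simplified tokenizer with no quoted values; `audit_netrc` and the sample hostnames are constructed for illustration.

```python
# Added example: flag .netrc entries that meet the CVE-2024-11053 precondition
# (a machine entry with no password, or with neither login nor password).
# Assumption: simplified parser, whitespace-separated tokens, no quoted values.

def audit_netrc(text):
    """Return [(machine, [missing fields])] for incomplete machine entries."""
    tokens, in_macro = [], False
    for line in text.splitlines():
        if in_macro:                       # a macdef body runs until a blank line
            in_macro = bool(line.strip())
            continue
        if line.lstrip().startswith("#"):  # whole-line comment
            continue
        words = line.split()
        if "macdef" in words:              # ignore the macro name and its body
            in_macro = True
            words = words[:words.index("macdef")]
        tokens.extend(words)

    entries, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            current = {"machine": tokens[i + 1]}
            entries.append(current)
            i += 2
        elif tok == "default":             # catch-all entry: not reported here
            current = None
            i += 1
        elif tok in ("login", "password", "account") and i + 1 < len(tokens):
            if current is not None:
                current[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1

    findings = []
    for entry in entries:
        if "password" not in entry:
            missing = ["password"] if "login" in entry else ["login", "password"]
            findings.append((entry["machine"], missing))
    return findings

# Constructed sample input (hypothetical hosts and credentials).
SAMPLE = ("# constructed sample\nmachine a.example login alice password s3cret\n"
          "machine b.example\nmachine c.example login bob\n"
          "macdef init\nmachine fake.example\n\ndefault login anon password x\n")

if __name__ == "__main__":
    for machine, missing in audit_netrc(SAMPLE):
        print(f"{machine}: entry omits {' and '.join(missing)}")
```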

Why is this CVE low priority?

curl developers have rated this issue as low severity.


Status

| Package | Ubuntu Release | Status |
|---|---|---|
| curl | 24.10 oracular | Fixed 8.9.1-2ubuntu2.2 |
| curl | 24.04 LTS noble | Fixed 8.5.0-2ubuntu10.6 |
| curl | 22.04 LTS jammy | Fixed 7.81.0-1ubuntu1.20 |
| curl | 20.04 LTS focal | Fixed 7.68.0-1ubuntu2.25 |
| curl | 18.04 LTS bionic | Needs evaluation |
| curl | 16.04 LTS xenial | Needs evaluation |
| curl | 14.04 LTS trusty | Ignored (end of ESM support, was needs-triage) |

Patch details

For informational purposes only. We recommend not to cherry-pick updates.
