CVE-2024-11053

Name
CVE-2024-11053
Description
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
2499f714-1537-4658-8207-48ae4bb9eae9 https://curl.se/docs/CVE-2024-11053.html
2499f714-1537-4658-8207-48ae4bb9eae9 https://curl.se/docs/CVE-2024-11053.json
2499f714-1537-4658-8207-48ae4bb9eae9 https://hackerone.com/reports/2829063
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/12/11/1

Match rules

CPE URI Source package Min version Max version
curl >= 0 <= 8.11.0
curl >= 0 <= 8.10.1
curl >= 0 <= 8.10.0
curl >= 0 <= 8.9.1
curl >= 0 <= 8.9.0
curl >= 0 <= 8.8.0
curl >= 0 <= 8.7.1
curl >= 0 <= 8.7.0
curl >= 0 <= 8.6.0
curl >= 0 <= 8.5.0
curl >= 0 <= 8.4.0
curl >= 0 <= 8.3.0
curl >= 0 <= 8.2.1
curl >= 0 <= 8.2.0
curl >= 0 <= 8.1.2
curl >= 0 <= 8.1.1
curl >= 0 <= 8.1.0
curl >= 0 <= 8.0.1
curl >= 0 <= 8.0.0
curl >= 0 <= 7.88.1
curl >= 0 <= 7.88.0
curl >= 0 <= 7.87.0
curl >= 0 <= 7.86.0
curl >= 0 <= 7.85.0
curl >= 0 <= 7.84.0
curl >= 0 <= 7.83.1
curl >= 0 <= 7.83.0
curl >= 0 <= 7.82.0
curl >= 0 <= 7.81.0
curl >= 0 <= 7.80.0
curl >= 0 <= 7.79.1
curl >= 0 <= 7.79.0
curl >= 0 <= 7.78.0
curl >= 0 <= 7.77.0
curl >= 0 <= 7.76.1
curl >= 0 <= 7.76.0
curl >= 0 <= 7.75.0
curl >= 0 <= 7.74.0
curl >= 0 <= 7.73.0
curl >= 0 <= 7.72.0
curl >= 0 <= 7.71.1
curl >= 0 <= 7.71.0
curl >= 0 <= 7.70.0
curl >= 0 <= 7.69.1
curl >= 0 <= 7.69.0
curl >= 0 <= 7.68.0
curl >= 0 <= 7.67.0
curl >= 0 <= 7.66.0
curl >= 0 <= 7.65.3
curl >= 0 <= 7.65.2
curl >= 0 <= 7.65.1
curl >= 0 <= 7.65.0
curl >= 0 <= 7.64.1
curl >= 0 <= 7.64.0
curl >= 0 <= 7.63.0
curl >= 0 <= 7.62.0
curl >= 0 <= 7.61.1
curl >= 0 <= 7.61.0
curl >= 0 <= 7.60.0
curl >= 0 <= 7.59.0
curl >= 0 <= 7.58.0
curl >= 0 <= 7.57.0
curl >= 0 <= 7.56.1
curl >= 0 <= 7.56.0
curl >= 0 <= 7.55.1
curl >= 0 <= 7.55.0
curl >= 0 <= 7.54.1
curl >= 0 <= 7.54.0
curl >= 0 <= 7.53.1
curl >= 0 <= 7.53.0
curl >= 0 <= 7.52.1
curl >= 0 <= 7.52.0
curl >= 0 <= 7.51.0
curl >= 0 <= 7.50.3
curl >= 0 <= 7.50.2
curl >= 0 <= 7.50.1
curl >= 0 <= 7.50.0
curl >= 0 <= 7.49.1
curl >= 0 <= 7.49.0
curl >= 0 <= 7.48.0
curl >= 0 <= 7.47.1
curl >= 0 <= 7.47.0
curl >= 0 <= 7.46.0
curl >= 0 <= 7.45.0
curl >= 0 <= 7.44.0
curl >= 0 <= 7.43.0
curl >= 0 <= 7.42.1
curl >= 0 <= 7.42.0
curl >= 0 <= 7.41.0
curl >= 0 <= 7.40.0
curl >= 0 <= 7.39.0
curl >= 0 <= 7.38.0
curl >= 0 <= 7.37.1
curl >= 0 <= 7.37.0
curl >= 0 <= 7.36.0
curl >= 0 <= 7.35.0
curl >= 0 <= 7.34.0
curl >= 0 <= 7.33.0
curl >= 0 <= 7.32.0
curl >= 0 <= 7.31.0
curl >= 0 <= 7.30.0
curl >= 0 <= 7.29.0
curl >= 0 <= 7.28.1
curl >= 0 <= 7.28.0
curl >= 0 <= 7.27.0
curl >= 0 <= 7.26.0
curl >= 0 <= 7.25.0
curl >= 0 <= 7.24.0
curl >= 0 <= 7.23.1
curl >= 0 <= 7.23.0
curl >= 0 <= 7.22.0
curl >= 0 <= 7.21.7
curl >= 0 <= 7.21.6
curl >= 0 <= 7.21.5
curl >= 0 <= 7.21.4
curl >= 0 <= 7.21.3
curl >= 0 <= 7.21.2
curl >= 0 <= 7.21.1
curl >= 0 <= 7.21.0
curl >= 0 <= 7.20.1
curl >= 0 <= 7.20.0
curl >= 0 <= 7.19.7
curl >= 0 <= 7.19.6
curl >= 0 <= 7.19.5
curl >= 0 <= 7.19.4
curl >= 0 <= 7.19.3
curl >= 0 <= 7.19.2
curl >= 0 <= 7.19.1
curl >= 0 <= 7.19.0
curl >= 0 <= 7.18.2
curl >= 0 <= 7.18.1
curl >= 0 <= 7.18.0
curl >= 0 <= 7.17.1
curl >= 0 <= 7.17.0
curl >= 0 <= 7.16.4
curl >= 0 <= 7.16.3
curl >= 0 <= 7.16.2
curl >= 0 <= 7.16.1
curl >= 0 <= 7.16.0
curl >= 0 <= 7.15.5
curl >= 0 <= 7.15.4
curl >= 0 <= 7.15.3
curl >= 0 <= 7.15.2
curl >= 0 <= 7.15.1
curl >= 0 <= 7.15.0
curl >= 0 <= 7.14.1
curl >= 0 <= 7.14.0
curl >= 0 <= 7.13.2
curl >= 0 <= 7.13.1
curl >= 0 <= 7.13.0
curl >= 0 <= 7.12.3
curl >= 0 <= 7.12.2
curl >= 0 <= 7.12.1
curl >= 0 <= 7.12.0
curl >= 0 <= 7.11.2
curl >= 0 <= 7.11.1
curl >= 0 <= 7.11.0
curl >= 0 <= 7.10.8
curl >= 0 <= 7.10.7
curl >= 0 <= 7.10.6
curl >= 0 <= 7.10.5
curl >= 0 <= 7.10.4
curl >= 0 <= 7.10.3
curl >= 0 <= 7.10.2
curl >= 0 <= 7.10.1
curl >= 0 <= 7.10
curl >= 0 <= 7.9.8
curl >= 0 <= 7.9.7
curl >= 0 <= 7.9.6
curl >= 0 <= 7.9.5
curl >= 0 <= 7.9.4
curl >= 0 <= 7.9.3
curl >= 0 <= 7.9.2
curl >= 0 <= 7.9.1
curl >= 0 <= 7.9
curl >= 0 <= 7.8.1
curl >= 0 <= 7.8
curl >= 0 <= 7.7.3
curl >= 0 <= 7.7.2
curl >= 0 <= 7.7.1
curl >= 0 <= 7.7
curl >= 0 <= 7.6.1
curl >= 0 <= 7.6
curl >= 0 <= 7.5.2
curl >= 0 <= 7.5.1
curl >= 0 <= 7.5
curl >= 0 <= 7.4.2
curl >= 0 <= 7.4.1
curl >= 0 <= 7.4
curl >= 0 <= 7.3
curl >= 0 <= 7.2.1
curl >= 0 <= 7.2
curl >= 0 <= 7.1.1
curl >= 0 <= 7.1
curl >= 0 <= 6.5.2
curl >= 0 <= 6.5.1
curl >= 0 <= 6.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl edge-main 8.11.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.21-main 8.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.20-main 8.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.19-main 8.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.18-main 8.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed