CVE-2025-14017
EUVD-2026-158108.01.2026, 10:15
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.17.0 ≤ 𝑥 < 8.18.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| curl | curl | 𝑥 ≤ 8.17.0 | CNA |
| curl | curl | 𝑥 ≤ 8.16.0 | CNA |
| curl | curl | 𝑥 ≤ 8.15.0 | CNA |
| curl | curl | 𝑥 ≤ 8.14.1 | CNA |
| curl | curl | 𝑥 ≤ 8.14.0 | CNA |
| curl | curl | 𝑥 ≤ 8.13.0 | CNA |
| curl | curl | 𝑥 ≤ 8.12.1 | CNA |
| curl | curl | 𝑥 ≤ 8.12.0 | CNA |
| curl | curl | 𝑥 ≤ 8.11.1 | CNA |
| curl | curl | 𝑥 ≤ 8.11.0 | CNA |
| curl | curl | 𝑥 ≤ 8.10.1 | CNA |
| curl | curl | 𝑥 ≤ 8.10.0 | CNA |
| curl | curl | 𝑥 ≤ 8.9.1 | CNA |
| curl | curl | 𝑥 ≤ 8.9.0 | CNA |
| curl | curl | 𝑥 ≤ 8.8.0 | CNA |
| curl | curl | 𝑥 ≤ 8.7.1 | CNA |
| curl | curl | 𝑥 ≤ 8.7.0 | CNA |
| curl | curl | 𝑥 ≤ 8.6.0 | CNA |
| curl | curl | 𝑥 ≤ 8.5.0 | CNA |
| curl | curl | 𝑥 ≤ 8.4.0 | CNA |
| curl | curl | 𝑥 ≤ 8.3.0 | CNA |
| curl | curl | 𝑥 ≤ 8.2.1 | CNA |
| curl | curl | 𝑥 ≤ 8.2.0 | CNA |
| curl | curl | 𝑥 ≤ 8.1.2 | CNA |
| curl | curl | 𝑥 ≤ 8.1.1 | CNA |
| curl | curl | 𝑥 ≤ 8.1.0 | CNA |
| curl | curl | 𝑥 ≤ 8.0.1 | CNA |
| curl | curl | 𝑥 ≤ 8.0.0 | CNA |
| curl | curl | 𝑥 ≤ 7.88.1 | CNA |
| curl | curl | 𝑥 ≤ 7.88.0 | CNA |
| curl | curl | 𝑥 ≤ 7.87.0 | CNA |
| curl | curl | 𝑥 ≤ 7.86.0 | CNA |
| curl | curl | 𝑥 ≤ 7.85.0 | CNA |
| curl | curl | 𝑥 ≤ 7.84.0 | CNA |
| curl | curl | 𝑥 ≤ 7.83.1 | CNA |
| curl | curl | 𝑥 ≤ 7.83.0 | CNA |
| curl | curl | 𝑥 ≤ 7.82.0 | CNA |
| curl | curl | 𝑥 ≤ 7.81.0 | CNA |
| curl | curl | 𝑥 ≤ 7.80.0 | CNA |
| curl | curl | 𝑥 ≤ 7.79.1 | CNA |
| curl | curl | 𝑥 ≤ 7.79.0 | CNA |
| curl | curl | 𝑥 ≤ 7.78.0 | CNA |
| curl | curl | 𝑥 ≤ 7.77.0 | CNA |
| curl | curl | 𝑥 ≤ 7.76.1 | CNA |
| curl | curl | 𝑥 ≤ 7.76.0 | CNA |
| curl | curl | 𝑥 ≤ 7.75.0 | CNA |
| curl | curl | 𝑥 ≤ 7.74.0 | CNA |
| curl | curl | 𝑥 ≤ 7.73.0 | CNA |
| curl | curl | 𝑥 ≤ 7.72.0 | CNA |
| curl | curl | 𝑥 ≤ 7.71.1 | CNA |
| curl | curl | 𝑥 ≤ 7.71.0 | CNA |
| curl | curl | 𝑥 ≤ 7.70.0 | CNA |
| curl | curl | 𝑥 ≤ 7.69.1 | CNA |
| curl | curl | 𝑥 ≤ 7.69.0 | CNA |
| curl | curl | 𝑥 ≤ 7.68.0 | CNA |
| curl | curl | 𝑥 ≤ 7.67.0 | CNA |
| curl | curl | 𝑥 ≤ 7.66.0 | CNA |
| curl | curl | 𝑥 ≤ 7.65.3 | CNA |
| curl | curl | 𝑥 ≤ 7.65.2 | CNA |
| curl | curl | 𝑥 ≤ 7.65.1 | CNA |
| curl | curl | 𝑥 ≤ 7.65.0 | CNA |
| curl | curl | 𝑥 ≤ 7.64.1 | CNA |
| curl | curl | 𝑥 ≤ 7.64.0 | CNA |
| curl | curl | 𝑥 ≤ 7.63.0 | CNA |
| curl | curl | 𝑥 ≤ 7.62.0 | CNA |
| curl | curl | 𝑥 ≤ 7.61.1 | CNA |
| curl | curl | 𝑥 ≤ 7.61.0 | CNA |
| curl | curl | 𝑥 ≤ 7.60.0 | CNA |
| curl | curl | 𝑥 ≤ 7.59.0 | CNA |
| curl | curl | 𝑥 ≤ 7.58.0 | CNA |
| curl | curl | 𝑥 ≤ 7.57.0 | CNA |
| curl | curl | 𝑥 ≤ 7.56.1 | CNA |
| curl | curl | 𝑥 ≤ 7.56.0 | CNA |
| curl | curl | 𝑥 ≤ 7.55.1 | CNA |
| curl | curl | 𝑥 ≤ 7.55.0 | CNA |
| curl | curl | 𝑥 ≤ 7.54.1 | CNA |
| curl | curl | 𝑥 ≤ 7.54.0 | CNA |
| curl | curl | 𝑥 ≤ 7.53.1 | CNA |
| curl | curl | 𝑥 ≤ 7.53.0 | CNA |
| curl | curl | 𝑥 ≤ 7.52.1 | CNA |
| curl | curl | 𝑥 ≤ 7.52.0 | CNA |
| curl | curl | 𝑥 ≤ 7.51.0 | CNA |
| curl | curl | 𝑥 ≤ 7.50.3 | CNA |
| curl | curl | 𝑥 ≤ 7.50.2 | CNA |
| curl | curl | 𝑥 ≤ 7.50.1 | CNA |
| curl | curl | 𝑥 ≤ 7.50.0 | CNA |
| curl | curl | 𝑥 ≤ 7.49.1 | CNA |
| curl | curl | 𝑥 ≤ 7.49.0 | CNA |
| curl | curl | 𝑥 ≤ 7.48.0 | CNA |
| curl | curl | 𝑥 ≤ 7.47.1 | CNA |
| curl | curl | 𝑥 ≤ 7.47.0 | CNA |
| curl | curl | 𝑥 ≤ 7.46.0 | CNA |
| curl | curl | 𝑥 ≤ 7.45.0 | CNA |
| curl | curl | 𝑥 ≤ 7.44.0 | CNA |
| curl | curl | 𝑥 ≤ 7.43.0 | CNA |
| curl | curl | 𝑥 ≤ 7.42.1 | CNA |
| curl | curl | 𝑥 ≤ 7.42.0 | CNA |
| curl | curl | 𝑥 ≤ 7.41.0 | CNA |
| curl | curl | 𝑥 ≤ 7.40.0 | CNA |
| curl | curl | 𝑥 ≤ 7.39.0 | CNA |
| curl | curl | 𝑥 ≤ 7.38.0 | CNA |
| curl | curl | 𝑥 ≤ 7.37.1 | CNA |
| curl | curl | 𝑥 ≤ 7.37.0 | CNA |
| curl | curl | 𝑥 ≤ 7.36.0 | CNA |
| curl | curl | 𝑥 ≤ 7.35.0 | CNA |
| curl | curl | 𝑥 ≤ 7.34.0 | CNA |
| curl | curl | 𝑥 ≤ 7.33.0 | CNA |
| curl | curl | 𝑥 ≤ 7.32.0 | CNA |
| curl | curl | 𝑥 ≤ 7.31.0 | CNA |
| curl | curl | 𝑥 ≤ 7.30.0 | CNA |
| curl | curl | 𝑥 ≤ 7.29.0 | CNA |
| curl | curl | 𝑥 ≤ 7.28.1 | CNA |
| curl | curl | 𝑥 ≤ 7.28.0 | CNA |
| curl | curl | 𝑥 ≤ 7.27.0 | CNA |
| curl | curl | 𝑥 ≤ 7.26.0 | CNA |
| curl | curl | 𝑥 ≤ 7.25.0 | CNA |
| curl | curl | 𝑥 ≤ 7.24.0 | CNA |
| curl | curl | 𝑥 ≤ 7.23.1 | CNA |
| curl | curl | 𝑥 ≤ 7.23.0 | CNA |
| curl | curl | 𝑥 ≤ 7.22.0 | CNA |
| curl | curl | 𝑥 ≤ 7.21.7 | CNA |
| curl | curl | 𝑥 ≤ 7.21.6 | CNA |
| curl | curl | 𝑥 ≤ 7.21.5 | CNA |
| curl | curl | 𝑥 ≤ 7.21.4 | CNA |
| curl | curl | 𝑥 ≤ 7.21.3 | CNA |
| curl | curl | 𝑥 ≤ 7.21.2 | CNA |
| curl | curl | 𝑥 ≤ 7.21.1 | CNA |
| curl | curl | 𝑥 ≤ 7.21.0 | CNA |
| curl | curl | 𝑥 ≤ 7.20.1 | CNA |
| curl | curl | 𝑥 ≤ 7.20.0 | CNA |
| curl | curl | 𝑥 ≤ 7.19.7 | CNA |
| curl | curl | 𝑥 ≤ 7.19.6 | CNA |
| curl | curl | 𝑥 ≤ 7.19.5 | CNA |
| curl | curl | 𝑥 ≤ 7.19.4 | CNA |
| curl | curl | 𝑥 ≤ 7.19.3 | CNA |
| curl | curl | 𝑥 ≤ 7.19.2 | CNA |
| curl | curl | 𝑥 ≤ 7.19.1 | CNA |
| curl | curl | 𝑥 ≤ 7.19.0 | CNA |
| curl | curl | 𝑥 ≤ 7.18.2 | CNA |
| curl | curl | 𝑥 ≤ 7.18.1 | CNA |
| curl | curl | 𝑥 ≤ 7.18.0 | CNA |
| curl | curl | 𝑥 ≤ 7.17.1 | CNA |
| curl | curl | 𝑥 ≤ 7.17.0 | CNA |
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||
| libcurl-devel |
| ||||||||||
| libcurl4 |
| ||||||||||
| libcurl4-32bit |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| curl |
| ||||
| curl-debuginfo |
| ||||
| curl-debugsource |
| ||||
| curl-minimal |
| ||||
| curl-minimal-debuginfo |
| ||||
| libcurl |
| ||||
| libcurl-debuginfo |
| ||||
| libcurl-devel |
| ||||
| libcurl-minimal |
| ||||
| libcurl-minimal-debuginfo |
|
Azure Linux Releases
Vulnerability Media Exposure