CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0068 (0.7%)
Percentile: 71.6%
EPSS: 2026-05-06
Affects
haxx:curlhaxx:libcurldebian:debian_linuxTechnical description
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Published: 4/15/2014, 2:55:04 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://curl.haxx.se/docs/adv_20140326A.html
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/57836
- http://secunia.com/advisories/57966
- http://secunia.com/advisories/57968
- http://secunia.com/advisories/58615
- http://secunia.com/advisories/59458