JLSEC-2025-33

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-33.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-33.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2025-33
Upstream
Published
2025-10-10T15:04:01.319Z
Modified
2025-11-03T00:19:26.606427Z
Summary
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previousl...
Details

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "id": "CVE-2023-27538",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-27538",
            "imported": "2025-10-10T14:33:22.323Z",
            "published": "2023-03-30T20:15:07.677Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538",
            "modified": "2025-06-09T15:15:29.150Z"
        }
    ]
}
References

Affected packages

Julia / CURL_jll

Package

Name
CURL_jll
Purl
pkg:julia/CURL_jll?uuid=b21e61f3-bafc-59ac-ab14-4c5c62d6588d

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.0+0

Julia / LibCURL_jll

Package

Name
LibCURL_jll
Purl
pkg:julia/LibCURL_jll?uuid=deac9b47-8bc7-5906-a0fe-35ac56dc84c0

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.1+0