AZL-56478

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56478.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56478

Upstream

CVE-2025-0167

Published

2025-02-05T10:15:22Z

Modified

2026-04-01T05:18:54.078744Z

Summary

CVE-2025-0167 affecting package curl for versions less than 8.8.0-6

Details

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0167

Affected packages

Azure Linux:2 / curl

Package

Name: curl
Purl: pkg:rpm/azure-linux/curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.8.0-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56478.json"