When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the known_hosts file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.
{
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl4"
}
]
}
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "libcurl4t64"
}
],
"availability": "No subscription required"
}
{
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "curl"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl4t64"
}
]
}
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "curl"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl4t64"
}
],
"availability": "No subscription required"
}