CNNVD-202509-1818 Information

CNNVD ID

CNNVD-202509-1818

CVE-2025-9086

  • CNNVD Published: 2025-09-12

Description

curl is an open-source tool from cURL for transferring data from or to a server. curl contains a security vulnerability that stems from a heap buffer out-of-bounds read error in its path comparison logic, which may lead to a crash or to a secure cookie being overwritten by a cleartext site.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

cURL

Published

2025-09-12

Last Modified

2026-02-24

References

  • https://curl.se/docs/CVE-2025-9086.json
  • https://hackerone.com/reports/3294999
  • https://curl.se/docs/CVE-2025-9086.html
  • https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html
  • http://www.openwall.com/lists/oss-security/2025/09/10/1
  • https://www.oracle.com/security-alerts/cpuoct2025.html
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://github.com/curl/curl/releases
