#Tag · Gnar 🔥 social

#curl 8.18.0 has been released. This release fixes 1 medium and 5 low level vulnerabilities:
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html

I discovered the last 2 vulnerabilities.

Download curl 8.18.0 from https://curl.se/download.html

#vulnerabilityresearch #vulnerability #cybersecurity #infosec

curl - Download

curl - libssh key passphrase bypass without agent set - CVE-2025-15224

curl - libssh global knownhost override - CVE-2025-15079

curl - OpenSSL partial chain store policy bypass - CVE-2025-14819

curl - bearer token leak on cross-protocol redirect - CVE-2025-14524

curl - broken TLS options for threaded LDAPS - CVE-2025-14017

Harry Sintonen

@harrysintonen@infosec.exchange · 5 days ago

I discovered the last 2 vulnerabilities.

Download curl 8.18.0 from https://curl.se/download.html

#vulnerabilityresearch #vulnerability #cybersecurity #infosec

curl - Download

curl - libssh key passphrase bypass without agent set - CVE-2025-15224

curl - libssh global knownhost override - CVE-2025-15079

curl - OpenSSL partial chain store policy bypass - CVE-2025-14819

curl - bearer token leak on cross-protocol redirect - CVE-2025-14524

curl - broken TLS options for threaded LDAPS - CVE-2025-14017

Gnar 🔥 social

This is a Bonfire Federated social instance for those that enjoy gnarly adventures. Whether it's shredding mountains or slaying guitars, from action sports to art.

Gnar 🔥 social: About · Code of conduct · Privacy · Users · Instances

Gnar;🔥 social · 1.0.0-rc.3.6 no JS en

Automatic federation enabled