{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "8.12.1.tuxcare.els1-r0:\n - CVE-2025-13034\n - CVE-2025-14819\n - CVE-2025-15079", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/alpinelinux3.18els/advisories/2026/clsa-2026_1772721939.json" } ], "tracking": { "current_release_date": "2026-03-05T14:46:50Z", "generator": { "date": "2026-03-05T14:46:50Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1772721939", "initial_release_date": "2026-03-05T14:46:50Z", "revision_history": [ { "date": "2026-03-05T14:46:50Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "curl: Fix of 3 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.18", "product": { "name": "Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.18:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-15079", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "notes": [ { "category": "description", "text": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-15079" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-15079.html", "url": "https://curl.se/docs/CVE-2025-15079.html" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-15079.json", "url": "https://curl.se/docs/CVE-2025-15079.json" }, { "category": "external", "summary": "https://hackerone.com/reports/3477116", "url": "https://hackerone.com/reports/3477116" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2026/01/07/6", "url": "http://www.openwall.com/lists/oss-security/2026/01/07/6" } ], "release_date": "2026-01-08T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-05T14:45:42.515203Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-13034", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "description", "text": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-13034" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-13034.html", "url": "https://curl.se/docs/CVE-2025-13034.html" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-13034.json", "url": "https://curl.se/docs/CVE-2025-13034.json" } ], "release_date": "2026-01-08T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-05T14:45:42.515203Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-14819", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "description", "text": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-14819" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-14819.html", "url": "https://curl.se/docs/CVE-2025-14819.html" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2025-14819.json", "url": "https://curl.se/docs/CVE-2025-14819.json" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2026/01/07/5", "url": "http://www.openwall.com/lists/oss-security/2026/01/07/5" } ], "release_date": "2026-01-08T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-05T14:45:42.515203Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772721939" } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }