{"id":"CURL-CVE-2023-27536","summary":"GSS delegation too eager connection reuse","details":"libcurl would reuse a previously created connection even when the GSS\ndelegation (`CURLOPT_GSSAPI_DELEGATION`) option had been changed that could\nhave changed the user's permissions in a second transfer.\n\nlibcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup. However, this GSS\ndelegation setting was left out from the configuration match checks, making\nthem match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.","aliases":["CVE-2023-27536"],"modified":"2025-09-27T10:58:29Z","published":"2023-03-20T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2023-27536.json","issue":"https://hackerone.com/reports/1895135","last_affected":"7.88.1","award":{"currency":"USD","amount":"480"},"package":"curl","www":"https://curl.se/docs/CVE-2023-27536.html","severity":"Low","CWE":{"id":"CWE-305","desc":"Authentication Bypass by Primary Weakness"},"affects":"lib"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.22.0"},{"fixed":"8.0.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"ebf42c4be76df40ec6d3bf32f229bbb274e2c32f"},{"fixed":"cb49e67303dbafbab1cebf4086e3ec15b7d56ee5"}]}],"versions":["7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2023-27536.json","vanir_signatures":[{"signature_version":"v1","id":"CURL-CVE-2023-27536-14d73187","digest":{"threshold":0.9,"line_hashes":["230325747693908286742755853286649102384","145252991975219580316222024362591609370","196093452222553889258473129050911607180","317116322672972527722482517908771815248","174491927218719820078107688874051065486","129063894105842859405226394679195244511","72874886920337093364275045572792901814"]},"deprecated":false,"source":"https://github.com/curl/curl.git/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5","target":{"file":"lib/url.c"},"signature_type":"Line"},{"signature_version":"v1","id":"CURL-CVE-2023-27536-3dcf09fb","digest":{"function_hash":"254363275026704697470084312006630063939","length":3164},"deprecated":false,"source":"https://github.com/curl/curl.git/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5","target":{"function":"allocate_conn","file":"lib/url.c"},"signature_type":"Function"},{"signature_version":"v1","id":"CURL-CVE-2023-27536-6937697c","digest":{"threshold":0.9,"line_hashes":["316236544013674099326961451394563837069","76996540853039933077181570477687111108","253427558255910990178905173980771571213","103405422604216501682093033235317711833"]},"deprecated":false,"source":"https://github.com/curl/curl.git/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5","target":{"file":"lib/urldata.h"},"signature_type":"Line"},{"signature_version":"v1","id":"CURL-CVE-2023-27536-b8801c0a","digest":{"function_hash":"293481182274791727888021447531608067053","length":7546},"deprecated":false,"source":"https://github.com/curl/curl.git/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5","target":{"function":"ConnectionExists","file":"lib/url.c"},"signature_type":"Function"}]}}],"schema_version":"1.7.3","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}