Information disclosure due to persistent Referer header
Summary
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers. A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintended servers. Important: A flaw in libcurl allows for sensitive information disclosure. Despite attempts to explicitly clear the HTTP Referer header, its internal state persists, leading to the unintended reuse and transmission of previous referrer strings in subsequent requests. This could expose sensitive data to unintended third-party servers in Red Hat products and services that rely on libcurl for HTTP communications. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-201. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 36 seconds ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.