HomeDefault status
unaffected
8.17.0 (semver)
affected
8.16.0 (semver)
affected
8.15.0 (semver)
affected
8.14.1 (semver)
affected
8.14.0 (semver)
affected
8.13.0 (semver)
affected
8.12.1 (semver)
affected
8.12.0 (semver)
affected
8.11.1 (semver)
affected
8.11.0 (semver)
affected
8.10.1 (semver)
affected
8.10.0 (semver)
affected
8.9.1 (semver)
affected
8.9.0 (semver)
affected
8.8.0 (semver)
affected
8.7.1 (semver)
affected
8.7.0 (semver)
affected
8.6.0 (semver)
affected
8.5.0 (semver)
affected
8.4.0 (semver)
affected
8.3.0 (semver)
affected
8.2.1 (semver)
affected
8.2.0 (semver)
affected
8.1.2 (semver)
affected
8.1.1 (semver)
affected
8.1.0 (semver)
affected
8.0.1 (semver)
affected
8.0.0 (semver)
affected
7.88.1 (semver)
affected
7.88.0 (semver)
affected
7.87.0 (semver)
affected
Description
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
Problem types
CWE-295 Improper Certificate Validation
Product status
8.17.0 (semver)
8.16.0 (semver)
8.15.0 (semver)
8.14.1 (semver)
8.14.0 (semver)
8.13.0 (semver)
8.12.1 (semver)
8.12.0 (semver)
8.11.1 (semver)
8.11.0 (semver)
8.10.1 (semver)
8.10.0 (semver)
8.9.1 (semver)
8.9.0 (semver)
8.8.0 (semver)
8.7.1 (semver)
8.7.0 (semver)
8.6.0 (semver)
8.5.0 (semver)
8.4.0 (semver)
8.3.0 (semver)
8.2.1 (semver)
8.2.0 (semver)
8.1.2 (semver)
8.1.1 (semver)
8.1.0 (semver)
8.0.1 (semver)
8.0.0 (semver)
7.88.1 (semver)
7.88.0 (semver)
7.87.0 (semver)
Credits
Stanislav Fort (Aisle Research)
Daniel Stenberg
References
www.openwall.com/lists/oss-security/2026/01/07/5
curl.se/docs/CVE-2025-14819.json (json)
curl.se/docs/CVE-2025-14819.html (www)