Vulnerability in Libcurl 8.17.0 and older in the Siteminder Policy Server r12.9 and older
search cancel

Vulnerability in Libcurl 8.17.0 and older in the Siteminder Policy Server r12.9 and older

book

Article ID: 437711

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

The Siteminder Policy Server bundles Libcurl in the binaries.  The following versions of Libcurl are shipped with the Siteminder Policy Server:


Policy Server r12.9:        LibCurl 8.12.1.0

 

NOTE: This KB only applies to Siteminder Policy Server r12.9.  For the 12.8.8.1 and older Policy Servers use KB 437690 Vulnerability in Libcurl 8.10.0 and older in the Siteminder Policy Server r12.8.8.1 and older

 

Environment

PRODUCT: Symantec Siteminder

COMPONENT: Policy Server

VERSIONS: r12.9 (Only)

OPERATING SYSTEM: Any

Cause

The following CVE's have been published for LibCurl 7.84.0 - 8.18.0.

CVEFirst Version ImpactedLast Version Impacted
CVE-2026-3805: use after free in SMB connection reuse8.13.08.18.0
CVE-2026-3784: wrong proxy connection reuse with credentials7.78.18.0
CVE-2026-3783: token leak with redirect and netrc7.33.08.18.0
CVE-2026-1965: bad reuse of HTTP Negotiate connection7.10.68.18.0
CVE-2025-15224: libssh key passphrase bypass without agent set7.58.08.17.0
CVE-2025-15079: libssh global known_hosts override7.58.08.17.0
CVE-2025-14819: OpenSSL partial chain store policy bypass7.87.08.17.0
CVE-2025-14524: bearer token leak on cross-protocol redirect7.33.08.17.0
CVE-2025-14017: broken TLS options for threaded LDAPS7.17.08.17.0
CVE-2025-13034: No QUIC certificate pinning with GnuTLS8.8.08.17.0
CVE-2025-10966: missing SFTP host verification with wolfSSH7.69.08.16.0
CVE-2025-10148: predictable WebSocket mask8.11.08.15.0
CVE-2025-9086: Out of bounds read for cookie path8.13.08.15.0
CVE-2025-5399: WebSocket endless loop8.13.08.14.0
CVE-2025-5025: No QUIC certificate pinning with wolfSSL8.5.08.13.0
CVE-2025-4947: QUIC certificate check skip with wolfSSL8.8.08.13.0
CVE-2025-0725: gzip integer overflow7.10.58.11.1
CVE-2025-0665: eventfd double close8.11.18.11.1
CVE-2025-0167: netrc and default credential leak7.76.08.11.1
CVE-2024-11053: netrc and redirect credential leak7.76.08.11.0
CVE-2024-9681: HSTS subdomain overwrites parent cache entry7.74.08.10.1
CVE-2024-8096: OCSP stapling bypass with GnuTLS7.41.08.9.1
CVE-2024-7264: ASN.1 date parser overread7.32.08.9.0
CVE-2024-6874: macidn punycode buffer overread8.8.08.8.0
CVE-2024-6197: freeing stack buffer in utf8asn1str8.6.08.8.0
CVE-2024-2466: TLS certificate check bypass with mbedTLS8.5.08.6.0
CVE-2024-2398: HTTP/2 push headers memory-leak7.44.08.6.0
CVE-2024-2379: QUIC certificate check bypass with wolfSSL8.6.08.6.0
CVE-2024-2004: Usage of disabled protocol7.85.08.6.0
CVE-2024-0853: OCSP verification bypass with TLS session reuse8.5.08.5.0
CVE-2023-46219: HSTS long filename clears contents7.84.08.4.0
CVE-2023-46218: cookie mixed case PSL bypass7.46.08.4.0
CVE-2023-38546: cookie injection with none file7.9.18.3.0
CVE-2023-38545: SOCKS5 heap buffer overflow7.69.08.3.0
CVE-2023-38039: HTTP headers eat all memory7.84.08.2.1
CVE-2023-28322: more POST-after-PUT confusion7.78.0.1
CVE-2023-28321: IDN wildcard match7.12.08.0.1
CVE-2023-28320: siglongjmp race condition7.9.88.0.1
CVE-2023-28319: UAF in SSH sha256 fingerprint check7.81.08.0.1
CVE-2023-27538: SSH connection too eager reuse still7.16.17.88.1
CVE-2023-27537: HSTS double free7.88.07.88.1
CVE-2023-27536: GSS delegation too eager connection reuse7.22.07.88.1
CVE-2023-27535: FTP too eager connection reuse7.13.07.88.1
CVE-2023-27534: SFTP path ~ resolving discrepancy7.18.07.88.1
CVE-2023-27533: TELNET option IAC injection7.77.88.1
CVE-2023-23916: HTTP multi-header compression denial of service7.57.07.87.0
CVE-2023-23915: HSTS amnesia with --parallel7.77.07.87.0
CVE-2023-23914: HSTS ignored on multiple requests7.77.07.87.0
CVE-2022-43552: HTTP Proxy deny use after free7.16.07.86.0
CVE-2022-43551: Another HSTS bypass via IDN7.77.07.86.0
CVE-2022-42916: HSTS bypass via IDN7.77.07.85.0
CVE-2022-42915: HTTP proxy double free7.77.07.85.0
CVE-2022-35260: .netrc parser out-of-bounds access7.84.07.85.0
CVE-2022-32221: POST following PUT confusion7.77.85.0
CVE-2022-35252: control code in cookie denial of service4.97.84.0

 

Resolution

Using this KB you can upgrade LibCurl on the r12.9 Siteminder Policy Server to LibCurl 8.19.0.  LibCurl 8.19.0 has been attached to this KB.

Upgrade Siteminder r12.9 to LibCurl 8.19.0

LINUX 

1) Download 'libcurl_8.19.0_12.9_linux.zip' to the Siteminder Policy Server

2) Decompress 'libcurl_8.19.0_12.9_linux.zip'

Contents:

libcurl.so
libcurl.so.4
libcurl.so.4.8.0

3) Stop the Siteminder Policy Server

4) Backup and Delete, or Rename the following files:

/<Install_Dir>/CA/siteminder/lib/libcurl.so.4.8.0
/<Install_Dir>/CA/siteminder/lib/libcurl.so.4
/<Install_Dir>/CA/siteminder/lib/libcurl.so

5) Copy the following files from 'libcurl_8.19.0_12.9_linux.zip' into the '/<Install_Dir>/CA/siteminder/lib/' directory.

libcurl.so
libcurl.so.4
libcurl.so.4.8.0

6) Start the Siteminder Policy Server

WINDOWS

1) Download 'libcurl_8.19.0_12.9_win64.zip' to the Siteminder Policy Server

2) Decompress 'libcurl_8.19.0_12.9_win64.zip'

3) Stop the Siteminder Policy Server

4) Backup and Delete, or Rename the following files:

<Install_Dir>\CA\siteminder\bin\libcurl.dll

5) Copy the following files from 'libcurl_8.19.0_12.9_win64.zip' into the '<Install_Dir>\CA\siteminder\bin\' directory.

libcurl.dll

6) Start the Siteminder Policy Server

Additional Information

curl and libcurl vulnerabilities

KB 437690 Vulnerability in Libcurl 8.10.0 and older in the Siteminder Policy Server r12.8.8.1 and older

Libcurl 8.19.0 Remediate the following CVE's:

CVE-2026-3805: use after free in SMB connection reuse
CVE-2026-3784: wrong proxy connection reuse with credentials
CVE-2026-3783: token leak with redirect and netrc
CVE-2026-1965: bad reuse of HTTP Negotiate connection
CVE-2025-15224: libssh key passphrase bypass without agent set
CVE-2025-15079: libssh global known_hosts override
CVE-2025-14819: OpenSSL partial chain store policy bypass
CVE-2025-14524: bearer token leak on cross-protocol redirect
CVE-2025-14017: broken TLS options for threaded LDAPS
CVE-2025-13034: No QUIC certificate pinning with GnuTLS
CVE-2025-10966: missing SFTP host verification with wolfSSH
CVE-2025-10148: predictable WebSocket mask
CVE-2025-9086: Out of bounds read for cookie path
CVE-2025-5399: WebSocket endless loop
CVE-2025-5025: No QUIC certificate pinning with wolfSSL
CVE-2025-4947: QUIC certificate check skip with wolfSSL
CVE-2025-0725: gzip integer overflow
CVE-2025-0665: eventfd double close
CVE-2025-0167: netrc and default credential leak
CVE-2024-11053: netrc and redirect credential leak
CVE-2024-9681: HSTS subdomain overwrites parent cache entry
CVE-2024-8096: OCSP stapling bypass with GnuTLS
CVE-2024-7264: ASN.1 date parser overread
CVE-2024-6874: macidn punycode buffer overread
CVE-2024-6197: freeing stack buffer in utf8asn1str
CVE-2024-2466: TLS certificate check bypass with mbedTLS
CVE-2024-2398: HTTP/2 push headers memory-leak
CVE-2024-2379: QUIC certificate check bypass with wolfSSL
CVE-2024-2004: Usage of disabled protocol
CVE-2024-0853: OCSP verification bypass with TLS session reuse
CVE-2023-46219: HSTS long filename clears contents
CVE-2023-46218: cookie mixed case PSL bypass
CVE-2023-38546: cookie injection with none file
CVE-2023-38545: SOCKS5 heap buffer overflow
CVE-2023-38039: HTTP headers eat all memory
CVE-2023-28322: more POST-after-PUT confusion
CVE-2023-28321: IDN wildcard match
CVE-2023-28320: siglongjmp race condition
CVE-2023-28319: UAF in SSH sha256 fingerprint check
CVE-2023-27538: SSH connection too eager reuse still
CVE-2023-27537: HSTS double free
CVE-2023-27536: GSS delegation too eager connection reuse
CVE-2023-27535: FTP too eager connection reuse
CVE-2023-27534: SFTP path ~ resolving discrepancy
CVE-2023-27533: TELNET option IAC injection
CVE-2023-23916: HTTP multi-header compression denial of service
CVE-2023-23915: HSTS amnesia with --parallel
CVE-2023-23914: HSTS ignored on multiple requests
CVE-2022-43552: HTTP Proxy deny use after free
CVE-2022-43551: Another HSTS bypass via IDN
CVE-2022-42916: HSTS bypass via IDN
CVE-2022-42915: HTTP proxy double free
CVE-2022-35260: .netrc parser out-of-bounds access
CVE-2022-32221: POST following PUT confusion
CVE-2022-35252: control code in cookie denial of service

 

Attachments

libcurl_8.19.0_12.9_win64.zip get_app
libcurl_8.19.0_12.9_linux.zip get_app
Powered by Wolken Software