CVE-2025-9086 | Out of bounds read for cookie path
A vulnerability in how curl/libcurl handles cookie path comparison can lead to an out-of-bounds read on the heap, potentially impacting various Azure and cloud services.
Why it matters
This vulnerability can impact the stability and security of critical Azure services and infrastructure, requiring comprehensive assessment and remediation across the cloud estate.
Key Points
- 1CVE-2025-9086 is a flaw in the logic that decides whether a cookie should be sent on a given request, causing an out-of-bounds read on the heap
- 2This vulnerability can become a repeatable crash primitive, a potential side-channel, or a building block for more complex exploit chains
- 3The vulnerability can impact various Azure services and components that rely on curl/libcurl, such as AKS, App Service, Functions, API gateways, and DevOps/security infrastructure
Details
CVE-2025-9086 is a vulnerability in how curl/libcurl handles cookie path comparison. When certain cookie path conditions are met, the internal comparison can walk beyond the allocated heap buffer, leading to an out-of-bounds read. This can result in a repeatable crash primitive, a potential side-channel on heap layout or adjacent memory, and a building block for more complex exploit chains. The vulnerability can impact various Azure services and components that rely on curl/libcurl, such as AKS sidecars, App Service and Functions runtimes, API gateways, and DevOps/security infrastructure that use curl/libcurl under the hood.
No comments yet
Be the first to comment