When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
8.5.0-2ubuntu10.78.14.1-2ubuntu1.1Exploitability
AV:NAC:HPR:NUI:RScope
S:UImpact
C:HI:NA:NCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N