CVE-2016-5420
N/A
N/A
Summary
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2016-2575.html
- https://access.redhat.com/errata/RHSA-2018:3558
- http://www.securityfocus.com/bid/92309
- https://source.android.com/security/bulletin/2016-12-01.html
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
- http://www.securitytracker.com/id/1036739
- http://www.debian.org/security/2016/dsa-3638
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
- https://www.tenable.com/security/tns-2016-18
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
- http://www.securitytracker.com/id/1036537
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://curl.haxx.se/docs/adv_20160803B.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- https://security.gentoo.org/glsa/201701-47
- http://www.ubuntu.com/usn/USN-3048-1
References
- http://rhn.redhat.com/errata/RHSA-2016-2575.html
- https://access.redhat.com/errata/RHSA-2018:3558
- http://www.securityfocus.com/bid/92309
- https://source.android.com/security/bulletin/2016-12-01.html
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
- http://www.securitytracker.com/id/1036739
- http://www.debian.org/security/2016/dsa-3638
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
- https://www.tenable.com/security/tns-2016-18
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
- http://www.securitytracker.com/id/1036537
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://curl.haxx.se/docs/adv_20160803B.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- https://security.gentoo.org/glsa/201701-47
- http://www.ubuntu.com/usn/USN-3048-1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.