Related Vulnerabilities: CVE-2017-7468  


Severity Medium

Remote Yes

Type Certificate verification bypass

Description

libcurl from 7.52.0 up to and including 7.53.1 would attempt to resume a cached TLS session even if the client certificate had changed since that session was first established. That is unacceptable because the TLS specification allows a server to skip the client certificate check on resumption and instead rely on the identity established during the original handshake, which may have used a different certificate (or no certificate at all). A connection made with a new client certificate could therefore be treated by the server as the earlier identity.
This flaw is a regression and identical to CVE-2016-5419, reported on August 3rd 2016, but affects a different version range.
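The following is an added illustration, not code from the curl project or from the Arch tracker. It models the bug in a few dozen lines: a client-side session cache that keys only on (host, port), as the vulnerable libcurl effectively did, will offer a session established under one client certificate when the application has since switched to another, and a server that (as the spec permits) skips the certificate check on resumption will keep attributing the old identity to the new connection. Keying the cache on the client certificate as well forces a full handshake instead. It also includes a small check of a `curl --version` style string against the advisory's affected range. The hostname, certificate file names and version string are constructed for the example.

```python
"""Added example for CVE-2017-7468: why a TLS session cache must key on the
client certificate, plus a check of a libcurl version string against the
advisory's affected range. Illustrative code, not libcurl's own."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Affected range taken from the advisory text: 7.52.0 up to and including 7.53.1.
AFFECTED_FIRST = (7, 52, 0)
AFFECTED_LAST = (7, 53, 1)


def parse_libcurl_version(text: str) -> Tuple[int, int, int]:
    """Extract X.Y.Z from 'curl --version' output (preferring the libcurl/
    token) or from a bare version string such as '7.53.1'."""
    m = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", text) or \
        re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("no libcurl version found in: %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(text: str) -> bool:
    """True if the libcurl version found in `text` lies in the advisory's range."""
    return AFFECTED_FIRST <= parse_libcurl_version(text) <= AFFECTED_LAST


@dataclass(frozen=True)
class Session:
    """A cached TLS session. `client_cert` names the certificate (or None)
    the server authenticated when this session was first established."""
    session_id: bytes
    client_cert: Optional[str]


class SessionCache:
    """Client-side session cache. With key_on_client_cert=False it behaves
    like the vulnerable libcurl: any cached session for (host, port) is
    offered for resumption regardless of the client certificate now in use."""

    def __init__(self, key_on_client_cert: bool) -> None:
        self.key_on_client_cert = key_on_client_cert
        self._entries: Dict[Tuple[str, int], Session] = {}

    def store(self, host: str, port: int, session: Session) -> None:
        self._entries[(host, port)] = session

    def lookup(self, host: str, port: int,
               client_cert: Optional[str]) -> Optional[Session]:
        s = self._entries.get((host, port))
        if s is None:
            return None
        if self.key_on_client_cert and s.client_cert != client_cert:
            return None  # credential changed: force a full handshake
        return s


def server_identity(resumed: Optional[Session],
                    presented_cert: Optional[str]) -> Optional[str]:
    """Model of a server that, as the spec permits, skips the client
    certificate check on resumption and reuses the session's identity."""
    if resumed is not None:
        return resumed.client_cert
    return presented_cert  # full handshake: identity comes from the new cert


def identity_after_cert_switch(key_on_client_cert: bool,
                               first_cert: Optional[str] = "alice.pem",
                               second_cert: Optional[str] = "bob.pem") -> Optional[str]:
    """Connect once with first_cert, cache the session, then connect again
    with second_cert. Returns the identity the server attributes to the
    second connection."""
    cache = SessionCache(key_on_client_cert)
    host, port = "api.example.test", 443  # constructed hostname
    # First connection: full handshake, server authenticates first_cert.
    cache.store(host, port, Session(b"\x01" * 32, first_cert))
    # Second connection with a different certificate (or none).
    resumed = cache.lookup(host, port, second_cert)
    return server_identity(resumed, second_cert)


if __name__ == "__main__":
    sample = "curl 7.53.1 (x86_64-pc-linux-gnu) libcurl/7.53.1 OpenSSL/1.1.0e"  # constructed
    print("affected:", is_affected(sample))
    print("vulnerable cache attributes:", identity_after_cert_switch(False))
    print("fixed cache attributes:", identity_after_cert_switch(True))
```

With the vulnerable cache the second connection, made with bob.pem, is resumed and the server still sees alice.pem; with the certificate-aware cache the lookup misses, a full handshake runs and the server sees bob.pem. The same applies when the first connection used no certificate at all, which is the case the advisory's "(or no certificate)" refers to.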

Groups

Group    Package               Affected  Fixed     Severity  Status
AVG-243  lib32-curl            7.53.1-1  7.54.0-1  Medium    Fixed
AVG-241  curl                  7.53.1-2  7.54.0-1  Medium    Fixed
AVG-184  lib32-libcurl-gnutls  7.52.1-2  7.53.0-1  Medium    Fixed
AVG-183  lib32-libcurl-compat  7.52.1-2  7.53.0-1  Medium    Fixed
AVG-181  libcurl-gnutls        7.52.1-1  7.53.0-1  Medium    Fixed
AVG-180  libcurl-compat        7.52.1-1  7.53.0-1  Medium    Fixed

Advisories

Date         Advisory       Group    Package  Severity  Type
29 Apr 2017  ASA-201704-12  AVG-241  curl     Medium    certificate verification bypass

References

https://curl.haxx.se/docs/adv_20170419.html