The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl prior to 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote malicious users to spoof servers via an arbitrary valid certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx curl 7.48.0 |
||
haxx curl 7.47.0 |
||
haxx curl 7.41.0 |
||
haxx curl 7.40.0 |
||
haxx curl 7.31.0 |
||
haxx curl 7.30.0 |
||
haxx curl 7.24.0 |
||
haxx curl 7.23.1 |
||
haxx curl 7.21.3 |
||
haxx curl 7.21.2 |
||
haxx curl 7.42.1 |
||
haxx curl 7.42.0 |
||
haxx curl 7.34.0 |
||
haxx curl 7.33.0 |
||
haxx curl 7.32.0 |
||
haxx curl 7.26.0 |
||
haxx curl 7.25.0 |
||
haxx curl 7.21.5 |
||
haxx curl 7.21.4 |
||
haxx curl 7.43.0 |
||
haxx curl 7.46.0 |
||
haxx curl 7.36.0 |
||
haxx curl 7.35.0 |
||
haxx curl 7.28.0 |
||
haxx curl 7.27.0 |
||
haxx curl 7.21.7 |
||
haxx curl 7.21.6 |
||
haxx curl 7.45.0 |
||
haxx curl 7.44.0 |
||
haxx curl 7.39.0 |
||
haxx curl 7.38.0 |
||
haxx curl 7.29.0 |
||
haxx curl 7.28.1 |
||
haxx curl 7.23.0 |
||
haxx curl 7.22.0 |
||
haxx curl 7.21.1 |
||
haxx curl 7.21.0 |