curl and libcurl prior to 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote malicious users to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
haxx libcurl |
||
opensuse leap 42.1 |