curl and libcurl prior to 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote malicious users to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse leap 42.1 |
||
haxx libcurl |