curl 7.61.0 up to and including 7.76.1 exposes a data element to the wrong session because of a mistake in the code for `CURLOPT_SSL_CIPHER_LIST` when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
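The shared-static pattern described above, reduced to a minimal C model next to its per-transfer correction. This is an added example, not libcurl's source: the struct, the function names and the cipher ids are hypothetical and constructed for illustration.

```c
/* Simplified model of the bug class; all names here are hypothetical. */
#include <stddef.h>
#include <string.h>

#define MAX_ALGS 8
enum { ID_STRONG = 1, ID_WEAK = 2 };   /* constructed cipher ids */

struct transfer {
    int algs[MAX_ALGS];                /* cipher list owned by this transfer */
};

static size_t clamp_n(size_t n) { return n > MAX_ALGS ? MAX_ALGS : n; }

/* Vulnerable pattern: one static buffer shared by every caller. */
static const int *set_ciphers_shared(const int *ids, size_t n)
{
    static int algs[MAX_ALGS];         /* single copy for the whole process */
    memset(algs, 0, sizeof(algs));
    memcpy(algs, ids, clamp_n(n) * sizeof(int));
    return algs;                       /* every transfer gets this same pointer */
}

/* Corrected pattern: the list lives in the transfer's own state. */
static const int *set_ciphers_own(struct transfer *t, const int *ids, size_t n)
{
    memset(t->algs, 0, sizeof(t->algs));
    memcpy(t->algs, ids, clamp_n(n) * sizeof(int));
    return t->algs;
}

/* Returns 1 if configuring transfer B changed transfer A's first cipher. */
int shared_state_leaks(void)
{
    const int strong[] = { ID_STRONG }, weak[] = { ID_WEAK };
    const int *a = set_ciphers_shared(strong, 1);
    (void)set_ciphers_shared(weak, 1); /* transfer B, configured later */
    return a[0] != ID_STRONG;
}

int own_state_leaks(void)
{
    const int strong[] = { ID_STRONG }, weak[] = { ID_WEAK };
    struct transfer ta, tb;
    const int *a = set_ciphers_own(&ta, strong, 1);
    (void)set_ciphers_own(&tb, weak, 1);
    return a[0] != ID_STRONG;
}
```
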
Vulnerable Product |
---|
haxx curl |
oracle mysql server |
oracle essbase |
oracle communications cloud native core network slice selection function 1.8.0 |
oracle communications cloud native core network repository function 1.15.0 |
oracle communications cloud native core network function cloud native environment 1.10.0 |
oracle communications cloud native core service communication proxy 1.15.0 |
oracle communications cloud native core network repository function 1.15.1 |
oracle communications cloud native core binding support function 1.11.0 |
netapp cloud backup - |
netapp solidfire & hci management node - |
netapp solidfire baseboard management controller firmware - |
netapp solidfire, enterprise sds & hci storage node - |
netapp hci_compute_node_firmware - |
netapp h300e_firmware - |
netapp h300s_firmware - |
netapp h410s_firmware - |
netapp h500e_firmware - |
netapp h500s_firmware - |
netapp h700e_firmware - |
netapp h700s_firmware - |
siemens sinec infrastructure network services |
splunk universal forwarder 9.1.0 |
splunk universal forwarder |