libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
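The flawed and the corrected matching logic described above, side by side, as an added C example that is not curl's source code. `struct tls_cfg`, the function names and the file paths are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>

/* Hypothetical, simplified TLS settings kept with each pooled connection. */
struct tls_cfg {
  const char *cafile;     /* CA bundle path */
  const char *issuercert; /* issuer certificate path, NULL if unset */
};

/* Compare two optional paths; NULL only equals NULL. */
static bool same_path(const char *a, const char *b, bool nocase)
{
  if(!a || !b)
    return a == b;
  for(; *a && *b; a++, b++) {
    int x = (unsigned char)*a, y = (unsigned char)*b;
    if(nocase ? tolower(x) != tolower(y) : x != y)
      return false;
  }
  return *a == *b;
}

/* Flawed match as described: case ignored, issuercert never compared. */
bool cfg_match_flawed(const struct tls_cfg *want, const struct tls_cfg *have)
{
  return same_path(want->cafile, have->cafile, true);
}

/* Corrected match: exact comparison of every field. */
bool cfg_match_fixed(const struct tls_cfg *want, const struct tls_cfg *have)
{
  return same_path(want->cafile, have->cafile, false) &&
         same_path(want->issuercert, have->issuercert, false);
}

/* Index of the first pooled connection the matcher accepts, or -1. */
int pool_find(const struct tls_cfg *pool, int n, const struct tls_cfg *want,
              bool (*match)(const struct tls_cfg *, const struct tls_cfg *))
{
  for(int i = 0; i < n; i++)
    if(match(want, &pool[i]))
      return i;
  return -1;
}

/* Constructed sample data: one pooled connection, two new transfers. */
const struct tls_cfg pooled[] = {{"/etc/ssl/CA.pem", "/etc/ssl/issuer-a.pem"}};
const struct tls_cfg want_case = {"/etc/ssl/ca.pem", "/etc/ssl/issuer-a.pem"};
const struct tls_cfg want_issuer = {"/etc/ssl/CA.pem", "/etc/ssl/issuer-b.pem"};
```

With the flawed matcher both new transfers are handed the pooled connection even though their verification settings differ; with the corrected matcher neither is, and each would open its own connection.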
Vulnerable Product |
---|
haxx libcurl |
fedoraproject fedora 33 |
debian debian linux 9.0 |
debian debian linux 10.0 |
debian debian linux 11.0 |
netapp cloud backup - |
netapp clustered data ontap - |
netapp solidfire & hci management node - |
netapp solidfire baseboard management controller firmware - |
oracle peoplesoft enterprise peopletools 8.57 |
oracle peoplesoft enterprise peopletools 8.58 |
oracle peoplesoft enterprise peopletools 8.59 |
oracle mysql server |
siemens sinec infrastructure network services |
siemens sinema remote connect server |
siemens logo!_cmr2040_firmware |
siemens logo!_cmr2020_firmware |
siemens ruggedcomrm_1224_lte_firmware |
siemens scalance_m804pb_firmware |
siemens scalance_m812-1_firmware |
siemens scalance_m816-1_firmware |
siemens scalance_m826-2_firmware |
siemens scalance_m874-2_firmware |
siemens scalance_m874-3_firmware |
siemens scalance_m876-3_firmware |
siemens scalance_m876-4_firmware |
siemens scalance_mum856-1_firmware |
siemens scalance_s615_firmware |
siemens simatic_cp_1543-1_firmware |
siemens simatic_cp_1545-1_firmware |
siemens simatic_rtu3010c_firmware |
siemens simatic_rtu3030c_firmware |
siemens simatic_rtu3031c_firmware |
siemens simatic_rtu_3041c_firmware |
siemens sinema remote connect |
siemens siplus_net_cp_1543-1_firmware |
splunk universal forwarder 9.1.0 |
splunk universal forwarder |