CURL-CVE-2016-5419

See a problem?

Source

https://curl.se/docs/CVE-2016-5419.html

Import Source

https://curl.se/docs/CURL-CVE-2016-5419.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2016-5419

Aliases

CVE-2016-5419

Published

2016-08-03T08:00:00Z

Modified

2024-06-07T13:53:51Z

Summary

TLS session resumption client cert bypass

Details

libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate).

libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection could not be kept alive to make the next handshake faster.

References

Credits

- Bru Rom - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER
- Eric Rescorla - OTHER
- Ray Satiro - OTHER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

5.0

Fixed

7.50.1

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

ae1912cb0d494b48d514d937826c9fe83ec96c4d

Fixed

247d890da88f9ee817079e246c59f3d7d12fde5f

Affected versions

5.*

5.0

5.10

5.11

5.2

5.2.1

5.3

5.4

5.5

5.5.1

5.7

5.7.1

5.8

5.9

5.9.1

6.*

6.0

6.1

6.2

6.3

6.3.1

6.4

6.5

6.5.1

6.5.2

7.*

7.1

7.1.1

7.10

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.10.7

7.10.8

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.12.2

7.12.3

7.13.0

7.13.1

7.13.2

7.14.0

7.14.1

7.15.0

7.15.1

7.15.2

7.15.3

7.15.4

7.15.5

7.16.0

7.16.1

7.16.2

7.16.3

7.16.4

7.17.0

7.17.1

7.18.0

7.18.1

7.18.2

7.19.0

7.19.1

7.19.2

7.19.3

7.19.4

7.19.5

7.19.6

7.19.7

7.2

7.2.1

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.3

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.4

7.4.1

7.4.2

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.5

7.5.1

7.5.2

7.50.0

7.6

7.6.1

7.7

7.7.1

7.7.2

7.7.3

7.8

7.8.1

7.9

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.6

7.9.7

7.9.8