CURL-CVE-2016-7141
- Source
- https://curl.se/docs/CVE-2016-7141.html
- Import Source
- https://curl.se/docs/CURL-CVE-2016-7141.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2016-7141
- Aliases
- Published
- 2016-09-07T08:00:00Z
- Modified
- 2025-09-27T10:58:29Z
- Summary
- Incorrect reuse of client certificates
- Details
-
libcurl built on top of NSS (Network Security Services) incorrectly reused client certificates if a certificate from file was used for one TLS connection but no certificate set for a subsequent TLS connection.
While the symptoms are similar to CVE-2016-5420 (Reusing connection with wrong client cert), this vulnerability was caused by an implementation detail of the NSS backend in libcurl, which is orthogonal to the cause of CVE-2016-5420.
- Database specific
{ "URL": "https://curl.se/docs/CVE-2016-7141.json", "last_affected": "7.50.1", "affects": "both", "www": "https://curl.se/docs/CVE-2016-7141.html", "severity": "High", "CWE": { "id": "CWE-305", "desc": "Authentication Bypass by Primary Weakness" }, "package": "curl" }- References
-
- Credits
-
-
- Red Hat - FINDER
-
- Kamil Dudka - REMEDIATION_DEVELOPER
-
Affected packages
Git /
Affected versions
7.*
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1