CURL-CVE-2016-9953

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2016-9953.html
Import Source
https://curl.se/docs/CURL-CVE-2016-9953.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2016-9953
Aliases
Published
2016-12-21T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
Win CE Schannel cert name out of buffer read
Details

curl's TLS server certificate checks are flawed on Windows CE.

This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name (as returned by the Windows API function CertGetNameString() to the hostname used to make the connection to the server.

The pattern matching logic exhibits an out of bounds read. If the wildcard certificate name field is longer than the connection hostname, the wildcard comparison code performs an access out of bounds of the connection hostname heap based buffer. This issue could technically leak the contents of memory immediately preceding the connection hostname buffer, just a crash or at worst happen to match against another piece of data.

Database specific 
{
    "CWE": {
        "id": "CWE-126",
        "desc": "Buffer Over-read"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2016-9953.json",
    "severity": "Medium",
    "www": "https://curl.se/docs/CVE-2016-9953.html",
    "last_affected": "7.51.0"
}
References
Credits
    • Dan McNulty - FINDER
    • Dan McNulty - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.27.0
Fixed
7.52.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
4ab2d26cb83dfbb74ba9eeaaa4835b4dd12883d4
Fixed
0354eed41085baa5ba8777019ebf5e9ef32c001d

Affected versions

7.*

7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0