CURL-CVE-2016-9953

See a problem?
Source
https://curl.se/docs/CVE-2016-9953.html
Import Source
https://curl.se/docs/CURL-CVE-2016-9953.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2016-9953
Aliases
Published
2016-12-21T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
Win CE Schannel cert name out of buffer read
Details

curl's TLS server certificate checks are flawed on Windows CE.

This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name (as returned by the Windows API function CertGetNameString() to the hostname used to make the connection to the server.

The pattern matching logic exhibits an out of bounds read. If the wildcard certificate name field is longer than the connection hostname, the wildcard comparison code performs an access out of bounds of the connection hostname heap based buffer. This issue could technically leak the contents of memory immediately preceding the connection hostname buffer, just a crash or at worst happen to match against another piece of data.

References
Credits
    • Dan McNulty - FINDER
    • Dan McNulty - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.27.0
Fixed
7.52.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0