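The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. In those two cases the certificate is not matched against the host being contacted, so any certificate that chains to a trusted CA is accepted; only builds that use the mbedTLS or PolarSSL backend are affected.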
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "7.21.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.1"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.2"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.3"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.4"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.5"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.6"
},
{
"introduced": "0"
},
{
"last_affected": "7.21.7"
},
{
"introduced": "0"
},
{
"last_affected": "7.22.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.23.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.23.1"
},
{
"introduced": "0"
},
{
"last_affected": "7.24.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.25.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.26.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.27.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.28.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.28.1"
},
{
"introduced": "0"
},
{
"last_affected": "7.29.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.30.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.31.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.32.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.33.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.34.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.35.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.36.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.38.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.39.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.40.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.41.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.42.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.42.1"
},
{
"introduced": "0"
},
{
"last_affected": "7.43.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.44.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.45.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.46.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.47.0"
},
{
"introduced": "0"
},
{
"last_affected": "7.48.0"
}
]
}