CVE-2016-9953
- Source
- https://cve.org/CVERecord?id=CVE-2016-9953
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9953.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9953
- Aliases
- Downstream
- Published
- 2018-03-12T21:29:00.563Z
- Modified
- 2025-11-20T10:34:47.605053Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
- References
Affected packages
Git / github.com/curl/curl
Affected versions
Other
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0