#VU32263 Cryptographic issues in cURL


Published: 2016-08-10 | Updated: 2020-07-28

Vulnerability identifier: #VU32263

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5419

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cURL: 7.50.0

External links
http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
http://rhn.redhat.com/errata/RHSA-2016-2575.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.debian.org/security/2016/dsa-3638
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/92292
http://www.securityfocus.com/bid/92319
http://www.securitytracker.com/id/1036538
http://www.securitytracker.com/id/1038341
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
http://www.ubuntu.com/usn/USN-3048-1
http://access.redhat.com/errata/RHSA-2018:3558
http://curl.haxx.se/docs/adv_20160803A.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/
http://security.gentoo.org/glsa/201701-47
http://source.android.com/security/bulletin/2016-12-01.html
http://www.tenable.com/security/tns-2016-18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Arch Linux update for curl
Amazon Linux AMI update for curl
Cryptographic issues in curl.haxx.se cURL
Slackware Linux update for curl
Cryptographic issues in curl (Alpine package)