5.3

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version7.21.0
HaxxCurl Version7.21.1
HaxxCurl Version7.21.2
HaxxCurl Version7.21.3
HaxxCurl Version7.21.4
HaxxCurl Version7.21.5
HaxxCurl Version7.21.6
HaxxCurl Version7.21.7
HaxxCurl Version7.22.0
HaxxCurl Version7.23.0
HaxxCurl Version7.23.1
HaxxCurl Version7.24.0
HaxxCurl Version7.25.0
HaxxCurl Version7.26.0
HaxxCurl Version7.27.0
HaxxCurl Version7.28.0
HaxxCurl Version7.28.1
HaxxCurl Version7.29.0
HaxxCurl Version7.30.0
HaxxCurl Version7.31.0
HaxxCurl Version7.32.0
HaxxCurl Version7.33.0
HaxxCurl Version7.34.0
HaxxCurl Version7.35.0
HaxxCurl Version7.36.0
HaxxCurl Version7.38.0
HaxxCurl Version7.39.0
HaxxCurl Version7.40.0
HaxxCurl Version7.41.0
HaxxCurl Version7.42.0
HaxxCurl Version7.42.1
HaxxCurl Version7.43.0
HaxxCurl Version7.44.0
HaxxCurl Version7.45.0
HaxxCurl Version7.46.0
HaxxCurl Version7.47.0
HaxxCurl Version7.48.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.38% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://security.gentoo.org/glsa/201701-47
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://www.openwall.com/lists/oss-security/2024/03/27/4
http://www.securityfocus.com/bid/90726
http://www.securitytracker.com/id/1035907
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349
https://curl.haxx.se/CVE-2016-3739.patch
Vendor Advisory
https://curl.haxx.se/changes.html#7_49_0
https://curl.haxx.se/docs/adv_20160518.html
Vendor Advisory