CVE-2014-0139

cURL and libcurl <7.36.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References (17)

Core 17
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57836
Vendor Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20140326B.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2902
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59458
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0165.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58615
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57968
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2167-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57966

Scores

EPSS 0.0167
EPSS Percentile 82.4%

Details

CWE
CWE-310
Status published
Products (50)
haxx/curl 7.10.6
haxx/curl 7.10.7
haxx/curl 7.10.8
haxx/curl 7.11.0
haxx/curl 7.11.1
haxx/curl 7.11.2
haxx/curl 7.12.0
haxx/curl 7.12.1
haxx/curl 7.12.2
haxx/curl 7.12.3
... and 40 more
Published Apr 15, 2014
Tracked Since Feb 18, 2026