Description
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References (6)
Mailing List, vendor-advisory (x_refsource_apple): http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Vendor Advisory (x_refsource_confirm): http://curl.haxx.se/docs/adv_20150108A.html
Vendor Advisory (x_refsource_confirm): http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
Vendor Advisory (x_refsource_confirm): https://support.apple.com/kb/HT205031
Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/201701-47
Third Party Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/61925
Scores
EPSS: 0.0042
EPSS Percentile: 62.4%
Details
Status: published
Products (11)
apple/mac_os_x < 10.10.4
haxx/libcurl 7.31.0
haxx/libcurl 7.32.0
haxx/libcurl 7.33.0
haxx/libcurl 7.34.0
haxx/libcurl 7.35.0
haxx/libcurl 7.36.0
haxx/libcurl 7.37.0
haxx/libcurl 7.37.1
haxx/libcurl 7.38.0
... and 1 more
Published: Jan 15, 2015
Tracked Since: Feb 18, 2026