CVE-2016-9952
HIGHcurl 7.30.0-7.51.0 - Improper Certificate Validation via Wildcard SAN in schannel TLS Backend
Title source: llmDescription
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://curl.haxx.se/docs/adv_20161221B.html
Vendor Advisory x_refsource_confirm
https://curl.haxx.se/CVE-2016-9952.patch
Scores
CVSS v3
8.1
EPSS
0.0058
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (1)
haxx/curl
7.30.0 - 7.51.0
Published
Mar 12, 2018
Tracked Since
Feb 18, 2026