CVE-2016-3739
Published: 20 May 2016
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Notes
Author | Note |
---|---|
sbeattie | curl in ubuntu is built with gnutls |
Priority
Status
Package | Release | Status |
---|---|---|
curl Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(gnutls tls backend)
|
trusty |
Not vulnerable
(gnutls tls backend)
|
|
upstream |
Released
(7.49.0)
|
|
wily |
Not vulnerable
(gnutls tls backend)
|
|
xenial |
Not vulnerable
(gnutls tls backend)
|
|
Patches: upstream: https://curl.haxx.se/CVE-2016-3739.patch |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |