KLA10815
Security bypass vulnerability in cURL
Updated: 06/01/2019
Detect date
?
05/18/2016
Severity
?
Warning
Description

An improper TLS connections handling was found in cURL. By exploiting this vulnerability malicious users can bypass sec. This vulnerability can be exploited remotely via TLS certificate manipulations.


Technical details

Libcurl affected only if mbedTLS or PolarSSL as TLS backend.

Affected products

cURL and libcurl versions earlier than 7.49.0

Solution

Update to the latest version
cURL download page

Original advisories

Vendor advisory

Impacts
?
SB 
[?]
CVE-IDS
?
CVE-2016-37392.6Warning