Security bypass vulnerabilities in cURL

Описание

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities

1. Use-after-free vulnerability can be exploited to control which connection is used;
2. An improper TLS connection reuse handling can be exploited remotely via connection manipulations to hijack authentication;
3. An improper TLS certificate change handling can be exploited remotely via connection manipulations to bypass security restrictions.

---

Technical details

The curl command line tool is also affected because of these flaws.

All vulnerabilities were found in libcurl library.

Первичный источник обнаружения

• cURL vulnerabilities table and advisories
  

Связанные продукты

• cURL

Список CVE

• CVE-2016-5421
  high
• CVE-2016-5420
  warning
• CVE-2016-5419
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com