Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4545HistoryNov 23, 2013 - 11:55 a.m.
CVE-2013-4545
2013-11-2311:55:00
Debian Security Bug Tracker
security-tracker.debian.org
17
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.6%
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | < 7.33.0-1 | curl_7.33.0-1_all.deb |
| Debian | 11 | all | curl | < 7.33.0-1 | curl_7.33.0-1_all.deb |
| Debian | 10 | all | curl | < 7.33.0-1 | curl_7.33.0-1_all.deb |
| Debian | 999 | all | curl | < 7.33.0-1 | curl_7.33.0-1_all.deb |
| Debian | 13 | all | curl | < 7.33.0-1 | curl_7.33.0-1_all.deb |
Related
openvas
openvas
Ubuntu Update for curl USN-2048-1
2013-12-17 00:00:00
Fedora Update for mingw-curl FEDORA-2013-22046
2014-02-05 00:00:00
Fedora Update for mingw-curl FEDORA-2013-21887
2013-12-03 00:00:00
nessus
nessus
SUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2014:0004-1)
2015-05-20 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2013:276)
2013-11-22 00:00:00
SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8617 / 8621)
2014-01-03 00:00:00
debian
debian
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
ubuntu
ubuntu
curl vulnerability
2013-12-05 00:00:00
mageia
mageia
Updated curl packages fix CVE-2013-4545
2013-11-21 00:56:39
securityvulns
securityvulns
[ MDVSA-2013:276 ] curl
2013-11-26 00:00:00
cURL certificates spoofing
2013-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-curl-7.33.0-1.fc20
2013-12-14 03:07:35
[SECURITY] Fedora 19 Update: mingw-curl-7.33.0-1.fc19
2013-12-02 09:35:24
[SECURITY] Fedora 20 Update: mingw-curl-7.37.0-1.fc20
2014-06-10 02:52:24
cve
cve
CVE-2013-4545
2013-11-23 11:55:00
f5
f5
SOL15150 - cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
K15150 : cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
prion
prion
Design/Logic Flaw
2013-11-23 11:55:00
ubuntucve
ubuntucve
CVE-2013-4545
2013-11-23 00:00:00
CVE-2013-6422
2013-12-17 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Chassis Management Module (CMM) (CVE-2013-4545, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-2174)
2019-01-31 01:55:01
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.6%
Related for DEBIANCVE:CVE-2013-4545