Lucene search
UbuntuUSN-2058-1HistoryDec 18, 2013 - 12:00 a.m.
curl vulnerability
2013-12-1800:00:00
ubuntu.com
34
Releases
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN
name fields when digital signature verification was disabled in the GnuTLS
backend. When libcurl is being used in this uncommon way by specific
applications, an attacker could exploit this to perform a machine-in-the-middle
attack to view sensitive information or alter encrypted communications.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | libcurl3-gnutls | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | curl | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | curl-udeb | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl3 | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl3-dbg | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl3-nss | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl3-udeb | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl4-gnutls-dev | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl4-nss-dev | < 7.32.0-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libcurl4-openssl-dev | < 7.32.0-1ubuntu1.2 | UNKNOWN |
References
Related
nessus
nessus
freebsd
freebsd
cURL library -- cert name check ignore with GnuTLS
2013-12-17 00:00:00
cvelist
cvelist
CVE-2013-6422
2013-12-23 22:00:00
prion
prion
Design/Logic Flaw
2013-12-23 22:55:00
debian
debian
[SECURITY] [DSA 2824-1] curl security update
2013-12-19 18:51:28
[SECURITY] [DSA 2824-1] curl security update
2013-12-19 18:51:05
openvas
openvas
Debian: Security Advisory (DSA-2824-1)
2013-12-18 00:00:00
Debian Security Advisory DSA 2824-1 (curl - unchecked tls/ssl certificate host name)
2013-12-19 00:00:00
Ubuntu: Security Advisory (USN-2058-1)
2013-12-23 00:00:00
securityvulns
securityvulns
[USN-2058-1] curl vulnerability
2013-12-23 00:00:00
cURL certificates spoofing
2013-12-23 00:00:00
debiancve
debiancve
CVE-2013-6422
2013-12-23 22:55:00
cve
cve
CVE-2013-6422
2013-12-23 22:55:00
ubuntucve
ubuntucve
CVE-2013-6422
2013-12-17 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00