3 matches found
CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...
CVE-2017-2629
CVE-2017-2629 affects curl and libcurl prior to 7.53.0, where the TLS Certificate Status Request (OCSP stapling) check incorrectly returns valid proof even when none is provided or the server does not support the extension. This can cause users to fail to detect a server certificate becoming inva...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003)
The remote host is running Mac OS X 10.10.5, Mac OS X 10.11.6, or macOS 10.12.5 and is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An overflow condition exists in the curl component in the dprintf_formatf function that is triggered when handling floating...