[3.0] curl: TLS certificate check bypass with mbedTLS/PolarSSL (CVE-2016-3739)
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. In other words, for such connections the certificate's chain is still validated, but the presented certificate is never compared against the address the client asked for, so any certificate issued by a trusted CA for any name is accepted. Only curl/libcurl builds that use the mbedTLS or PolarSSL backend are affected (check the "SSL" line of curl -V to see which backend a binary was built with).
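To make the failure mode concrete, the C model below contrasts a host check that skips the comparison for numerical addresses with one that matches them against the certificate's iPAddress SAN entries. This is an added illustration written for this page, not code from curl, mbedTLS or PolarSSL; it assumes the certificate's subjectAltName entries have already been extracted into strings of the form "DNS:name" or "IP:address" (a constructed sample list is embedded), and it deliberately leaves out wildcard and CN-fallback handling, which a real implementation also needs.

```c
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: SAN entries of a hypothetical server certificate. */
const char *const SAN_EXAMPLE[] = {
    "DNS:www.example.com",
    "IP:192.0.2.10",
    "IP:2001:db8::1",
};
enum { N_SAN_EXAMPLE = sizeof(SAN_EXAMPLE) / sizeof(SAN_EXAMPLE[0]) };

/* Parse an IPv4/IPv6 literal into its binary form. Returns false for names. */
static bool parse_ip(const char *text, unsigned char *out, size_t *outlen) {
    if (inet_pton(AF_INET, text, out) == 1) { *outlen = 4; return true; }
    if (inet_pton(AF_INET6, text, out) == 1) { *outlen = 16; return true; }
    return false;
}

/* Exact, case-insensitive DNS name comparison (no wildcard support here). */
static bool dns_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

/* Vulnerable shape: a numerical host is never compared with the cert at all,
 * so any certificate with a valid chain passes. */
bool vulnerable_host_check(const char *host, const char *const *sans, size_t n) {
    unsigned char ip[16]; size_t iplen;
    if (parse_ip(host, ip, &iplen))
        return true;                       /* the bug: unconditional accept */
    for (size_t i = 0; i < n; i++)
        if (strncmp(sans[i], "DNS:", 4) == 0 && dns_equal(sans[i] + 4, host))
            return true;
    return false;
}

/* Corrected shape: numerical hosts must match an IP: SAN entry, compared in
 * binary form so that "2001:0db8::1" and "2001:db8::1" are the same address;
 * names must match a DNS: entry. Nothing is accepted without a match. */
bool fixed_host_check(const char *host, const char *const *sans, size_t n) {
    unsigned char ip[16]; size_t iplen;
    bool numeric = parse_ip(host, ip, &iplen);
    for (size_t i = 0; i < n; i++) {
        if (numeric) {
            unsigned char san_ip[16]; size_t san_len;
            if (strncmp(sans[i], "IP:", 3) == 0 &&
                parse_ip(sans[i] + 3, san_ip, &san_len) &&
                san_len == iplen && memcmp(ip, san_ip, iplen) == 0)
                return true;
        } else if (strncmp(sans[i], "DNS:", 4) == 0 && dns_equal(sans[i] + 4, host)) {
            return true;
        }
    }
    return false;
}

int main(void) {
    /* 203.0.113.7 is an address the sample certificate does not cover. */
    const char *hosts[] = { "www.example.com", "192.0.2.10",
                            "2001:0db8:0000:0000:0000:0000:0000:0001", "203.0.113.7" };
    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-42s vulnerable=%d fixed=%d\n", hosts[i],
               vulnerable_host_check(hosts[i], SAN_EXAMPLE, N_SAN_EXAMPLE),
               fixed_host_check(hosts[i], SAN_EXAMPLE, N_SAN_EXAMPLE));
    return 0;
}
```

The interesting row is the last one: the vulnerable check accepts 203.0.113.7 against a certificate that only names 192.0.2.10 and 2001:db8::1, which is exactly the spoofing window the advisory describes; the corrected check rejects it while still accepting the expanded IPv6 form of a listed address.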
Affected versions:
7.21.0 to and including 7.48.0
References:
https://curl.haxx.se/docs/adv_20160518.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3739
Patch:
https://curl.haxx.se/CVE-2016-3739.patch
(from redmine: issue id 5654, created on 2016-05-29, closed on 2016-06-02)
- Relations:
- parent #5650 (closed)