CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  7.5 HIGH    NETWORK      LOW              NONE            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score: percentile 78%
Affected Products (NVD)

Vendor    Product       Version
debian    debian_linux  8.0
haxx      libcurl       x  ≤ 7.50.0
opensuse  leap          42.1

x = Vulnerable software versions
Debian Releases

Debian Product  Codename             Version            Status
curl            bookworm             7.88.1-10+deb12u7  fixed
curl            bookworm (security)  7.88.1-10+deb12u5  fixed
curl            bullseye             7.74.0-1.3+deb11u13  fixed
curl            bullseye (security)  7.74.0-1.3+deb11u11  fixed
curl            sid                  8.10.1-2           fixed
curl            trixie               8.10.1-2           fixed
Ubuntu Releases

Ubuntu Product  Codename  Version                   Status
curl            precise   Fixed 7.22.0-3ubuntu4.16  released
curl            trusty    Fixed 7.35.0-1ubuntu2.8   released
curl            xenial    Fixed 7.47.0-1ubuntu2.1   released
curl            yakkety   -                         not-affected
curl            zesty     -                         not-affected
openSUSE / SLES Releases

openSUSE Product  Release                        Version      Status
curl              suse enterprise sap 12 SP1     7.37.0-28.1  fixed
curl              suse enterprise sap 12 SP5     7.60.0-9.8   fixed
curl              suse enterprise server 12 SP1  7.37.0-28.1  fixed
curl              suse enterprise server 12 SP5  7.60.0-9.8   fixed
libcurl4          suse enterprise sap 12 SP1     7.37.0-28.1  fixed
libcurl4          suse enterprise sap 12 SP5     7.60.0-9.8   fixed
libcurl4          suse enterprise server 12 SP1  7.37.0-28.1  fixed
libcurl4          suse enterprise server 12 SP5  7.60.0-9.8   fixed
libcurl4-32bit    suse enterprise sap 12 SP1     7.37.0-28.1  fixed
libcurl4-32bit    suse enterprise sap 12 SP5     7.60.0-9.8   fixed
libcurl4-32bit    suse enterprise server 12 SP1  7.37.0-28.1  fixed
libcurl4-32bit    suse enterprise server 12 SP5  7.60.0-9.8   fixed
Red Hat Enterprise Linux Releases

Red Hat Product  Release  Version          Status
curl             RHEL 7   0:7.29.0-35.el7  fixed
libcurl          RHEL 7   0:7.29.0-35.el7  fixed
libcurl-devel    RHEL 7   0:7.29.0-35.el7  fixed
References