Vulnerability CVE-2016-5419: Information

Description

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-5419
Published: Aug. 10, 2016
Modified: Nov. 7, 2023
Error type identifier: CWE-310

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus7.50.1-alt18.7.1-alt2ALT-PU-2016-1895-1168902Fixed
curlp107.50.1-alt18.7.1-alt2ALT-PU-2016-1895-1168902Fixed
curlp97.50.1-alt17.79.0-alt2ALT-PU-2016-1895-1168902Fixed
curlp87.50.1-alt17.65.0-alt1ALT-PU-2016-1940-1169235Fixed
curlc10f17.50.1-alt18.6.0-alt1ALT-PU-2016-1895-1168902Fixed
curlc9f27.50.1-alt18.6.0-alt1ALT-PU-2016-1895-1168902Fixed
curlc77.56.1-alt1.M70C.1.17.56.1-alt1.M70C.1.1ALT-PU-2018-1442-1202075Fixed
curlp117.50.1-alt18.7.1-alt2ALT-PU-2016-1895-1168902Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://curl.haxx.se/docs/adv_20160803A.html
  • Mitigation
  • Patch
  • Vendor Advisory
DSA-3638
  • Third Party Advisory
openSUSE-SU-2016:2379
  • Third Party Advisory
openSUSE-SU-2016:2227
    1036538
      92292
        92319
          USN-3048-1
            SSA:2016-219-01
              https://source.android.com/security/bulletin/2016-12-01.html
                https://www.tenable.com/security/tns-2016-18
                  GLSA-201701-47
                    1038341
                      RHSA-2016:2957
                        RHSA-2016:2575
                          http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
                            RHSA-2018:3558
                              FEDORA-2016-24316f1f56
                                FEDORA-2016-8354baae0f

                                    1. Configuration 1

                                      cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
                                      End including
                                      7.50.0

                                      Configuration 2

                                      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

                                      Configuration 3

                                      cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
                                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                  Version: v24.5.2
                                  Back to top