Описание
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | see note |
| devel | not-affected | see note |
| esm-infra-legacy/trusty | not-affected | see note |
| esm-infra/xenial | not-affected | see note |
| precise/esm | not-affected | see note |
| trusty | not-affected | see note |
| trusty/esm | not-affected | see note |
| upstream | needs-triage | |
| xenial | not-affected | see note |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3