[3.4] curl: Incorrect reuse of client certificates (CVE-2016-7141)ID: oval:org.secpod.oval:def:1800801 | Date: (C)2018-03-29 (M)2023-11-10 |
Class: PATCH | Family: unix |
libcurl built on top of NSS incorrectly re-used client certificates if a certificate from file was used for one TLS connection but no certificate set for a subsequent TLS connection. While the symptoms are similar to CVE-2016-5420 , this vulnerability was caused by an implementation detail of the NSS backend in libcurl, which is orthogonal to the cause of CVE-2016-5420. Affected versions: libcurl 7.19.6 to and including 7.50.1.
Platform: |
Alpine Linux 3.4 |