Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS connections. CVE-2016-5421 Marcelo Echeverria and Fernando Muñoz discovered that libcurl was vulnerable to a use-after-free flaw.