CVE-2013-4545 Information

Feb 14, 2021 cve

Description

cURL and libcurl 7.18.0 through 7.32.0 when built with OpenSSL disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Reference

http://curl.haxx.se/docs/adv_20131115.html http://curl.haxx.se/docs/adv_20131115.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html http://www.debian.org/security/2013/dsa-2798 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.ubuntu.com/usn/USN-2048-1 https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 cURL and libcurl 7.18.0 through 7.32.0 when built with OpenSSL disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. cpe:2.3:a:haxx:curl:7.18.0:::::::* cpe:2.3:a:haxx:curl:7.18.1:::::::* cpe:2.3:a:haxx:curl:7.18.2:::::::* cpe:2.3:a:haxx:curl:7.19.0:::::::* cpe:2.3:a:haxx:curl:7.19.1:::::::* cpe:2.3:a:haxx:curl:7.19.2:::::::* cpe:2.3:a:haxx:curl:7.19.3:::::::* cpe:2.3:a:haxx:curl:7.19.4:::::::* cpe:2.3:a:haxx:curl:7.19.5:::::::* cpe:2.3:a:haxx:curl:7.19.6:::::::* cpe:2.3:a:haxx:curl:7.19.7:::::::* cpe:2.3:a:haxx:curl:7.20.0:::::::* cpe:2.3:a:haxx:curl:7.20.1:::::::* cpe:2.3:a:haxx:curl:7.21.0:::::::* cpe:2.3:a:haxx:curl:7.21.1:::::::* cpe:2.3:a:haxx:curl:7.21.2:::::::* cpe:2.3:a:haxx:curl:7.21.3:::::::* cpe:2.3:a:haxx:curl:7.21.4:::::::* cpe:2.3:a:haxx:curl:7.21.5:::::::* cpe:2.3:a:haxx:curl:7.21.6:::::::* cpe:2.3:a:haxx:curl:7.21.7:::::::* cpe:2.3:a:haxx:curl:7.22.0:::::::* cpe:2.3:a:haxx:curl:7.23.0:::::::* cpe:2.3:a:haxx:curl:7.23.1:::::::* cpe:2.3:a:haxx:curl:7.24.0:::::::* cpe:2.3:a:haxx:curl:7.25.0:::::::* cpe:2.3:a:haxx:curl:7.26.0:::::::* cpe:2.3:a:haxx:curl:7.27.0:::::::* cpe:2.3:a:haxx:curl:7.28.0:::::::* cpe:2.3:a:haxx:curl:7.28.1:::::::* cpe:2.3:a:haxx:curl:7.29.0:::::::* cpe:2.3:a:haxx:curl:7.30.0:::::::* cpe:2.3:a:haxx:curl:7.31.0:::::::* cpe:2.3:a:haxx:curl:7.32.0:::::::* cpe:2.3:a:haxx:libcurl:7.18.0:::::::* cpe:2.3:a:haxx:libcurl:7.18.1:::::::* cpe:2.3:a:haxx:libcurl:7.18.2:::::::* cpe:2.3:a:haxx:libcurl:7.19.0:::::::* cpe:2.3:a:haxx:libcurl:7.19.1:::::::* cpe:2.3:a:haxx:libcurl:7.19.2:::::::* cpe:2.3:a:haxx:libcurl:7.19.3:::::::* cpe:2.3:a:haxx:libcurl:7.19.4:::::::* cpe:2.3:a:haxx:libcurl:7.19.5:::::::* cpe:2.3:a:haxx:libcurl:7.19.6:::::::* cpe:2.3:a:haxx:libcurl:7.19.7:::::::* cpe:2.3:a:haxx:libcurl:7.20.0:::::::* cpe:2.3:a:haxx:libcurl:7.20.1:::::::* cpe:2.3:a:haxx:libcurl:7.21.0:::::::* cpe:2.3:a:haxx:libcurl:7.21.1:::::::* cpe:2.3:a:haxx:libcurl:7.21.2:::::::* cpe:2.3:a:haxx:libcurl:7.21.3:::::::* cpe:2.3:a:haxx:libcurl:7.21.4:::::::* cpe:2.3:a:haxx:libcurl:7.21.5:::::::* cpe:2.3:a:haxx:libcurl:7.21.6:::::::* cpe:2.3:a:haxx:libcurl:7.21.7:::::::* cpe:2.3:a:haxx:libcurl:7.22.0:::::::* cpe:2.3:a:haxx:libcurl:7.23.0:::::::* cpe:2.3:a:haxx:libcurl:7.23.1:::::::* cpe:2.3:a:haxx:libcurl:7.24.0:::::::* cpe:2.3:a:haxx:libcurl:7.25.0:::::::* cpe:2.3:a:haxx:libcurl:7.26.0:::::::* cpe:2.3:a:haxx:libcurl:7.27.0:::::::* cpe:2.3:a:haxx:libcurl:7.28.0:::::::* cpe:2.3:a:haxx:libcurl:7.28.1:::::::* cpe:2.3:a:haxx:libcurl:7.29.0:::::::* cpe:2.3:a:haxx:libcurl:7.30.0:::::::* cpe:2.3:a:haxx:libcurl:7.31.0:::::::* cpe:2.3:a:haxx:libcurl:7.32.0:::::::*

Share on: