CVE-2014-0139 Information

Feb 14, 2021 cve

Description

cURL and libcurl 7.1 before 7.36.0 when using the OpenSSL axtls qsossl or gskit libraries for TLS recognize a wildcard IP address in the subject’s Common Name (CN) field of an X.509 certificate which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Reference

http://advisories.mageia.org/MGASA-2015-0165.html http://curl.haxx.se/docs/adv_20140326B.html http://curl.haxx.se/docs/adv_20140326B.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/58615 http://secunia.com/advisories/59458 http://www.debian.org/security/2014/dsa-2902 http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ http://www.mandriva.com/security/advisories?name=MDVSA-2015:213 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.ubuntu.com/usn/USN-2167-1 http://www-01.ibm.com/support/docview.wss?uid=swg21675820 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862 cURL and libcurl 7.1 before 7.36.0 when using the OpenSSL axtls qsossl or gskit libraries for TLS recognize a wildcard IP address in the subject’s Common Name (CN) field of an X.509 certificate which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. cpe:2.3:a:haxx:curl:7.10.6:::::::* cpe:2.3:a:haxx:curl:7.10.7:::::::* cpe:2.3:a:haxx:curl:7.10.8:::::::* cpe:2.3:a:haxx:curl:7.11.0:::::::* cpe:2.3:a:haxx:curl:7.11.1:::::::* cpe:2.3:a:haxx:curl:7.11.2:::::::* cpe:2.3:a:haxx:curl:7.12.0:::::::* cpe:2.3:a:haxx:curl:7.12.1:::::::* cpe:2.3:a:haxx:curl:7.12.2:::::::* cpe:2.3:a:haxx:curl:7.12.3:::::::* cpe:2.3:a:haxx:curl:7.13.0:::::::* cpe:2.3:a:haxx:curl:7.13.1:::::::* cpe:2.3:a:haxx:curl:7.13.2:::::::* cpe:2.3:a:haxx:curl:7.14.0:::::::* cpe:2.3:a:haxx:curl:7.14.1:::::::* cpe:2.3:a:haxx:curl:7.15.0:::::::* cpe:2.3:a:haxx:curl:7.15.1:::::::* cpe:2.3:a:haxx:curl:7.15.2:::::::* cpe:2.3:a:haxx:curl:7.15.3:::::::* cpe:2.3:a:haxx:curl:7.15.4:::::::* cpe:2.3:a:haxx:curl:7.15.5:::::::* cpe:2.3:a:haxx:curl:7.16.0:::::::* cpe:2.3:a:haxx:curl:7.16.1:::::::* cpe:2.3:a:haxx:curl:7.16.2:::::::* cpe:2.3:a:haxx:curl:7.16.3:::::::* cpe:2.3:a:haxx:curl:7.16.4:::::::* cpe:2.3:a:haxx:curl:7.17.0:::::::* cpe:2.3:a:haxx:curl:7.17.1:::::::* cpe:2.3:a:haxx:curl:7.18.0:::::::* cpe:2.3:a:haxx:curl:7.18.1:::::::* cpe:2.3:a:haxx:curl:7.18.2:::::::* cpe:2.3:a:haxx:curl:7.19.0:::::::* cpe:2.3:a:haxx:curl:7.19.1:::::::* cpe:2.3:a:haxx:curl:7.19.2:::::::* cpe:2.3:a:haxx:curl:7.19.3:::::::* cpe:2.3:a:haxx:curl:7.19.4:::::::* cpe:2.3:a:haxx:curl:7.19.5:::::::* cpe:2.3:a:haxx:curl:7.19.6:::::::* cpe:2.3:a:haxx:curl:7.19.7:::::::* cpe:2.3:a:haxx:curl:7.20.0:::::::* cpe:2.3:a:haxx:curl:7.20.1:::::::* cpe:2.3:a:haxx:curl:7.21.0:::::::* cpe:2.3:a:haxx:curl:7.21.1:::::::* cpe:2.3:a:haxx:curl:7.21.2:::::::* cpe:2.3:a:haxx:curl:7.21.3:::::::* cpe:2.3:a:haxx:curl:7.21.4:::::::* cpe:2.3:a:haxx:curl:7.21.5:::::::* cpe:2.3:a:haxx:curl:7.21.6:::::::* cpe:2.3:a:haxx:curl:7.21.7:::::::* cpe:2.3:a:haxx:curl:7.22.0:::::::* cpe:2.3:a:haxx:curl:7.23.0:::::::* cpe:2.3:a:haxx:curl:7.23.1:::::::* cpe:2.3:a:haxx:curl:7.24.0:::::::* cpe:2.3:a:haxx:curl:7.25.0:::::::* cpe:2.3:a:haxx:curl:7.26.0:::::::* cpe:2.3:a:haxx:curl:7.27.0:::::::* cpe:2.3:a:haxx:curl:7.28.0:::::::* cpe:2.3:a:haxx:curl:7.28.1:::::::* cpe:2.3:a:haxx:curl:7.29.0:::::::* cpe:2.3:a:haxx:curl:7.30.0:::::::* cpe:2.3:a:haxx:curl:7.31.0:::::::* cpe:2.3:a:haxx:curl:7.32.0:::::::* cpe:2.3:a:haxx:curl:7.33.0:::::::* cpe:2.3:a:haxx:curl:7.34.0:::::::* cpe:2.3:a:haxx:curl:7.35.0:::::::* cpe:2.3:a:haxx:libcurl:7.10.6:::::::* cpe:2.3:a:haxx:libcurl:7.10.7:::::::* cpe:2.3:a:haxx:libcurl:7.10.8:::::::* cpe:2.3:a:haxx:libcurl:7.11.0:::::::* cpe:2.3:a:haxx:libcurl:7.11.1:::::::* cpe:2.3:a:haxx:libcurl:7.11.2:::::::* cpe:2.3:a:haxx:libcurl:7.12.0:::::::* cpe:2.3:a:haxx:libcurl:7.12.1:::::::* cpe:2.3:a:haxx:libcurl:7.12.2:::::::* cpe:2.3:a:haxx:libcurl:7.12.3:::::::* cpe:2.3:a:haxx:libcurl:7.13.0:::::::* cpe:2.3:a:haxx:libcurl:7.13.1:::::::* cpe:2.3:a:haxx:libcurl:7.13.2:::::::* cpe:2.3:a:haxx:libcurl:7.14.0:::::::* cpe:2.3:a:haxx:libcurl:7.14.1:::::::* cpe:2.3:a:haxx:libcurl:7.15.0:::::::* cpe:2.3:a:haxx:libcurl:7.15.1:::::::* cpe:2.3:a:haxx:libcurl:7.15.2:::::::* cpe:2.3:a:haxx:libcurl:7.15.3:::::::* cpe:2.3:a:haxx:libcurl:7.15.4:::::::* cpe:2.3:a:haxx:libcurl:7.15.5:::::::* cpe:2.3:a:haxx:libcurl:7.16.0:::::::* cpe:2.3:a:haxx:libcurl:7.16.1:::::::* cpe:2.3:a:haxx:libcurl:7.16.2:::::::* cpe:2.3:a:haxx:libcurl:7.16.3:::::::* cpe:2.3:a:haxx:libcurl:7.16.4:::::::* cpe:2.3:a:haxx:libcurl:7.17.0:::::::* cpe:2.3:a:haxx:libcurl:7.17.1:::::::* cpe:2.3:a:haxx:libcurl:7.18.0:::::::* cpe:2.3:a:haxx:libcurl:7.18.1:::::::* cpe:2.3:a:haxx:libcurl:7.18.2:::::::* cpe:2.3:a:haxx:libcurl:7.19.0:::::::* cpe:2.3:a:haxx:libcurl:7.19.1:::::::* cpe:2.3:a:haxx:libcurl:7.19.2:::::::* cpe:2.3:a:haxx:libcurl:7.19.3:::::::* cpe:2.3:a:haxx:libcurl:7.19.4:::::::* cpe:2.3:a:haxx:libcurl:7.19.5:::::::* cpe:2.3:a:haxx:libcurl:7.19.6:::::::* cpe:2.3:a:haxx:libcurl:7.19.7:::::::* cpe:2.3:a:haxx:libcurl:7.20.0:::::::* cpe:2.3:a:haxx:libcurl:7.20.1:::::::* cpe:2.3:a:haxx:libcurl:7.21.0:::::::* cpe:2.3:a:haxx:libcurl:7.21.1:::::::* cpe:2.3:a:haxx:libcurl:7.21.2:::::::* cpe:2.3:a:haxx:libcurl:7.21.3:::::::* cpe:2.3:a:haxx:libcurl:7.21.4:::::::* cpe:2.3:a:haxx:libcurl:7.21.5:::::::* cpe:2.3:a:haxx:libcurl:7.21.6:::::::* cpe:2.3:a:haxx:libcurl:7.21.7:::::::* cpe:2.3:a:haxx:libcurl:7.22.0:::::::* cpe:2.3:a:haxx:libcurl:7.23.0:::::::* cpe:2.3:a:haxx:libcurl:7.23.1:::::::* cpe:2.3:a:haxx:libcurl:7.24.0:::::::* cpe:2.3:a:haxx:libcurl:7.25.0:::::::* cpe:2.3:a:haxx:libcurl:7.26.0:::::::* cpe:2.3:a:haxx:libcurl:7.27.0:::::::* cpe:2.3:a:haxx:libcurl:7.28.0:::::::* cpe:2.3:a:haxx:libcurl:7.28.1:::::::* cpe:2.3:a:haxx:libcurl:7.29.0:::::::* cpe:2.3:a:haxx:libcurl:7.30.0:::::::* cpe:2.3:a:haxx:libcurl:7.31.0:::::::* cpe:2.3:a:haxx:libcurl:7.32.0:::::::* cpe:2.3:a:haxx:libcurl:7.33.0:::::::* cpe:2.3:a:haxx:libcurl:7.34.0:::::::* cpe:2.3:a:haxx:libcurl:7.35.0:::::::*

Share on: