CVE-2013-6422

Name of the Vulnerable Software and Affected Versions libcurl versions 7.21.4 through 7.33.0 curl versions prior to 7.34.0

Description The issue allows remote attackers to conduct man-in-the-middle (MITM) attacks, making it easier to spoof servers. This is due to the disabling of the CURLOPT SSL VERIFYHOST check for CN or SAN host name fields when digital signature verification (CURLOPT SSL VERIFYPEER) is disabled. The vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.

Recommendations For libcurl versions 7.21.4 through 7.33.0, update to version 7.34.0 or later to resolve the issue. For curl versions prior to 7.34.0, update to version 7.34.0 or later to resolve the issue. As a temporary workaround, consider enabling CURLOPT SSL VERIFYPEER to mitigate the risk of exploitation.