PT-2016-7232 · Curl+5 · Libcurl+6

Adam Mariš

Publicado

2016-09-07

Atualizado

2026-05-18

CVE-2016-7141

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions curl and libcurl versions prior to 7.50.2

Description The issue allows remote attackers to hijack the authentication of a TLS connection by reusing a previously loaded client certificate from file for a connection where no certificate has been set.

Recommendations For versions prior to 7.50.2, update to version 7.50.2 or later to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-305CWE-287

Identificadores relacionados

ALT-PU-2016-1956

CESA-2016_2575

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2016-7141

DLA-1568-1

DLA-616-1

RHSA-2016:2575

RHSA-2016_2575

RHSA-2018:3558

SUSE-SU-2016:2330-1

SUSE-SU-2016:2449-1

SUSE-SU-2016:2700-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

SUSE-SU-2018:0230-1

SUSE-SU-2018_0230-1

USN-3123-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Curl

Libcurl

PT-2016-7232 · Curl+5 · Libcurl+6

CVE-2016-7141

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 334