libcurl · CVE-2022-27781
**Name of the Vulnerable Software and Affected Versions**
libcurl (affected versions not specified)
**Description**
The issue concerns the `CURLOPT_CERTINFO` option in libcurl, which lets an application request details about the server's certificate chain after a TLS handshake. Because of a defect in the code path that collects this information, a malicious server could make a libcurl built with NSS spin in a never-ending busy-loop while trying to retrieve it. A remote attacker controlling such a server could therefore cause a denial of service in the client application by consuming its system resources.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid enabling the `CURLOPT_CERTINFO` option in applications that use a libcurl built with NSS until the issue is resolved, and restrict where such NSS-based builds are deployed, to minimize the risk of exploitation.
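Applying the workaround above first requires knowing which libcurl builds in an estate actually carry the NSS backend, since builds against OpenSSL, GnuTLS or another TLS library are not the ones the advisory describes. The following is an added example written for this page, not code from the advisory or from the curl project: it parses the first line of `curl --version` output (the `libcurl/<version>` token followed by the TLS backend tokens, with secondary backends of a MultiSSL build shown in parentheses) and flags builds on which `CURLOPT_CERTINFO` should stay disabled. The inventory lines and host names are constructed for the example and do not describe real systems; the set of backend names is the list of TLS libraries curl can be built against.

```python
"""Triage libcurl builds for the CURLOPT_CERTINFO busy-loop (CVE-2022-27781).

Added example; not part of the advisory or of the curl project. It decides,
from `curl --version` output only, whether a build carries the NSS backend,
which is the condition under which the advisory says to avoid CURLOPT_CERTINFO.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# TLS libraries libcurl can be built against, as they appear in `curl --version`.
# Schannel and SecureTransport print without a version number.
_TLS_BACKENDS = {"OpenSSL", "LibreSSL", "BoringSSL", "GnuTLS", "NSS", "wolfSSL",
                 "mbedTLS", "Schannel", "SecureTransport", "rustls", "BearSSL"}

# First line shape: "curl <ver> (<triplet>) libcurl/<ver> <component>/<ver> ..."
_LIBCURL_TOKEN = re.compile(r"\blibcurl/(\S+)")


@dataclass(frozen=True)
class CertinfoExposure:
    libcurl_version: str
    nss_version: Optional[str]        # None when no NSS backend is compiled in
    tls_tokens: Tuple[str, ...]       # every TLS backend token found, in order

    @property
    def avoid_certinfo(self) -> bool:
        """True when NSS is present, so CURLOPT_CERTINFO should not be enabled."""
        return self.nss_version is not None


def assess(version_line: str) -> CertinfoExposure:
    """Classify one `curl --version` first line."""
    m = _LIBCURL_TOKEN.search(version_line)
    if not m:
        raise ValueError("not a `curl --version` first line: no libcurl/<version> token")
    libcurl_version = m.group(1)
    tls_tokens = []
    nss_version = None
    # Only the components after the libcurl token describe the library build.
    for raw in version_line[m.end():].split():
        tok = raw.strip("()")              # MultiSSL lists extra backends as "(NSS/3.77)"
        name, _, ver = tok.partition("/")
        if name in _TLS_BACKENDS:
            tls_tokens.append(tok)
            if name == "NSS":
                nss_version = ver or "unknown"
    return CertinfoExposure(libcurl_version, nss_version, tuple(tls_tokens))


def builds_to_act_on(inventory: Dict[str, str]) -> Dict[str, CertinfoExposure]:
    """Return {name: exposure} for every build on which CURLOPT_CERTINFO must stay off."""
    flagged = {}
    for name, line in inventory.items():
        exposure = assess(line)
        if exposure.avoid_certinfo:
            flagged[name] = exposure
    return flagged


# Constructed sample inventory (hypothetical hosts; not real systems).
SAMPLE_INVENTORY = {
    "host-a": "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 "
              "libidn/1.28 libssh2/1.8.0",
    "host-b": "curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/1.1.1k-fips "
              "zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) "
              "libssh/0.9.6/openssl/zlib nghttp2/1.43.0",
    "host-c": "curl 7.83.0 (x86_64-pc-linux-gnu) libcurl/7.83.0 OpenSSL/1.1.1n (NSS/3.77) "
              "zlib/1.2.12 nghttp2/1.47.0",
}

if __name__ == "__main__":
    for name, exposure in builds_to_act_on(SAMPLE_INVENTORY).items():
        print(f"{name}: libcurl {exposure.libcurl_version} with NSS/{exposure.nss_version} "
              f"(backends: {', '.join(exposure.tls_tokens)}) -> keep CURLOPT_CERTINFO disabled")
```

Run it against the real first line of `curl --version` on each host (or against a fleet-wide export of those lines); a build is flagged whenever NSS appears as either the default or a secondary backend, because an application can select the NSS backend at runtime on a MultiSSL build.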