PT-2007-1008 · Curl · Libcurl

Published

2007-07-10

·

Updated

2017-07-29

·

CVE-2007-3564

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libcurl versions 7.14.0 through 7.16.3
Description: libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check the validity period of the server certificate: neither the activation date (notBefore) nor the expiration date (notAfter) is compared against the current time, so an expired or not-yet-valid certificate is accepted. The CA signature check and the common-name (hostname) check are still performed, so a random server cannot exploit this flaw; the attacker needs a certificate that is otherwise valid for the target name, such as an expired certificate for that host whose private key has been obtained. With such a certificate a man-in-the-middle can intercept or modify the connection, which is why the CVSS vector records partial impact on confidentiality, integrity and availability.
Recommendations: Update libcurl to 7.16.4 or later, which adds the activation and expiration date checks to the GnuTLS backend; on Debian, apply the packages from DSA-1333-1. Where an update is not immediately possible, apply the upstream patch to 7.16.3 and rebuild, or rebuild libcurl against OpenSSL, whose backend already enforces the validity period. Note that the date check, like the CA check, only causes the connection to fail when peer verification is enabled (CURLOPT_SSL_VERIFYPEER left at its default), so applications that disable peer verification remain exposed regardless of the libcurl version.
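The missing check, as an added example that is not code from libcurl, GnuTLS or this advisory: a stdlib-only DER walker extracts notBefore/notAfter from an X.509 certificate and rejects it when the clock lies outside that window, which is exactly the comparison the vulnerable GnuTLS backend skipped. All function names are hypothetical, the sample certificates are constructed unsigned skeletons (empty issuer and subject, no signature) built just so the parser has something to walk, and the advisory's publication date is assumed as "now" for the demo.

```python
"""Validity-period check that libcurl 7.14.0-7.16.3 (GnuTLS builds) did not perform.

Added example for this entry; not code from libcurl or GnuTLS.  Parses the
Validity field of a DER X.509 certificate with a minimal stdlib-only ASN.1
walker and rejects expired or not-yet-valid certificates.
"""
from datetime import datetime, timezone

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end, next_pos) for the DER TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length

def _parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as RFC 5280 requires."""
    s = raw.decode("ascii")
    if tag == 0x17:                        # YYMMDDHHMMSSZ; 50-99 => 19xx, 00-49 => 20xx
        yy = int(s[:2])
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    elif tag != 0x18:                      # GeneralizedTime is YYYYMMDDHHMMSSZ
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    if len(s) != 15 or not s.endswith("Z"):
        raise ValueError(f"malformed time {s!r}")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def certificate_validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, pos, _, _ = _read_tlv(der, 0)       # Certificate ::= SEQUENCE
    _, pos, _, _ = _read_tlv(der, pos)     # tbsCertificate ::= SEQUENCE
    tag, _, _, nxt = _read_tlv(der, pos)
    if tag == 0xA0:                        # optional EXPLICIT [0] version
        pos = nxt
    pos = _read_tlv(der, pos)[3]           # serialNumber
    pos = _read_tlv(der, pos)[3]           # signature AlgorithmIdentifier
    pos = _read_tlv(der, pos)[3]           # issuer Name
    _, pos, _, _ = _read_tlv(der, pos)     # validity ::= SEQUENCE { notBefore, notAfter }
    t1, s1, e1, pos = _read_tlv(der, pos)
    t2, s2, e2, _ = _read_tlv(der, pos)
    return _parse_time(t1, der[s1:e1]), _parse_time(t2, der[s2:e2])

def check_validity_period(der, now=None):
    """Return None if `now` is inside the validity period, else the rejection reason.

    This complements the CA-chain and hostname checks; it does not replace them.
    """
    now = now or datetime.now(timezone.utc)
    not_before, not_after = certificate_validity(der)
    if now < not_before:
        return f"certificate not yet valid (activates {not_before.isoformat()})"
    if now > not_after:
        return f"certificate expired (at {not_after.isoformat()})"
    return None

# Constructed sample data below (hypothetical skeletons, not real certificates).
def _tlv(tag, payload):
    """Minimal DER encoder with short and long length forms."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def _der_time(t):
    """UTCTime through 2049, GeneralizedTime from 2050 on (RFC 5280 4.1.2.5)."""
    if t.year < 2050:
        return _tlv(0x17, t.strftime("%y%m%d%H%M%SZ").encode())
    return _tlv(0x18, t.strftime("%Y%m%d%H%M%SZ").encode())

def sample_certificate(not_before, not_after):
    """Unsigned X.509 skeleton with the given validity window (constructed, not a real cert)."""
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02"))                                   # [0] version v3
           + _tlv(0x02, b"\x01")                                              # serialNumber 1
           + _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
           + _tlv(0x30, b"")                                                  # issuer: empty Name
           + _tlv(0x30, _der_time(not_before) + _der_time(not_after))         # validity
           + _tlv(0x30, b""))                                                 # subject: empty Name
    return _tlv(0x30, _tlv(0x30, tbs))

def _utc(*ymd):
    return datetime(*ymd, tzinfo=timezone.utc)

AS_OF = _utc(2007, 7, 10)                  # assumed "now": the advisory's publication date
SAMPLES = {
    "expired": sample_certificate(_utc(2005, 1, 1), _utc(2006, 1, 1)),
    "not_yet_valid": sample_certificate(_utc(2008, 1, 1), _utc(2009, 1, 1)),
    "current": sample_certificate(_utc(2007, 1, 1), _utc(2008, 1, 1)),
    "generalized_time": sample_certificate(_utc(2007, 1, 1), _utc(2051, 1, 1)),
}

def run_samples(now=AS_OF):
    """Map each constructed sample to its verdict; None means the certificate is accepted."""
    return {name: check_validity_period(der, now) for name, der in SAMPLES.items()}
```

A vulnerable libcurl build would have accepted all four samples once the CA signature and common name matched; a fixed build rejects the first two. In the GnuTLS backend itself the equivalent comparison uses gnutls_x509_crt_get_activation_time() and gnutls_x509_crt_get_expiration_time() against the current time, and only fails the handshake when CURLOPT_SSL_VERIFYPEER is enabled.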

Weakness Enumeration

Related Identifiers

BDU:2015-01766
CVE-2007-3564
DSA-1333-1

Affected Products

Gnutls
Libcurl