PT-2016-7888 · Curl · Libcurl

Dan Mcnulty · Published 2016-12-21 · Updated 2024-08-01 · CVE-2016-9952

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libcurl versions 7.30.0 through 7.51.0

Description: The issue arises from a flaw in the verify certificate function when it compares a wildcard certificate name to the hostname used for the connection. This flaw allows remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, such as a DNS name of *.com. The comparison removes the wildcard character from the certificate name and then checks only whether the connection hostname ends with what remains, so a hostname such as example.com matches a DNS SAN of *.com. This approach violates the recommendations of RFC 6125.

Recommendations: For libcurl versions 7.30.0 through 7.51.0, consider disabling the verify certificate function until a patch is available, or restrict the use of wildcard certificates to minimize the risk of exploitation. Avoid using overly permissive wildcard SANs in server certificates.
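As an added illustration (not libcurl's code and not part of the advisory), the C program below contrasts a suffix-only matcher modelled on the behaviour the description gives, which strips the wildcard and accepts any hostname ending with the remainder, with a matcher that follows the RFC 6125 rules: the wildcard must be the entire left-most label, it matches exactly one label, and at least two labels must follow it, so *.com is rejected outright. The function names and the sample pattern/hostname pairs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Case-insensitive string equality; DNS names compare case-insensitively. */
static int ci_equal(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Flawed matcher (hypothetical reconstruction of the described behaviour):
 * drop the '*' and accept the host if it merely ends with what is left.
 * "*.com" becomes ".com", so "example.com" is accepted. */
int flawed_wildcard_match(const char *pattern, const char *host)
{
    const char *star = strchr(pattern, '*');
    if (!star)
        return ci_equal(pattern, host);
    const char *suffix = star + 1;            /* text after the wildcard */
    size_t slen = strlen(suffix), hlen = strlen(host);
    if (hlen < slen)
        return 0;
    return ci_equal(host + hlen - slen, suffix);   /* suffix check only */
}

/* RFC 6125 (section 6.4.3) style matcher:
 *  - without a wildcard the names must be equal;
 *  - a wildcard is honoured only as the whole left-most label ("*.");
 *  - at least two labels must follow it, so "*.com" is rejected;
 *  - the wildcard stands for exactly one host label, so everything after
 *    the host's first dot must equal everything after the pattern's. */
int rfc6125_wildcard_match(const char *pattern, const char *host)
{
    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');

    if (strchr(pattern, '*') == NULL)
        return ci_equal(pattern, host);       /* no wildcard: exact match */
    if (pattern[0] != '*' || pattern[1] != '.')
        return 0;                             /* wildcard must be the left-most label */
    if (strchr(pdot + 1, '.') == NULL)
        return 0;                             /* "*.com": too few labels after '*' */
    if (strchr(pdot + 1, '*') != NULL)
        return 0;                             /* only one wildcard allowed */
    if (!hdot || hdot == host)
        return 0;                             /* host needs a left-most label of its own */
    return ci_equal(pdot, hdot);              /* remaining labels must match exactly */
}

int main(void)
{
    /* Constructed sample pairs, including the advisory's *.com case. */
    const char *pairs[][2] = {
        { "*.com",         "example.com"     },
        { "*.example.com", "www.example.com" },
        { "*.example.com", "a.b.example.com" },
        { "www.example.com", "WWW.EXAMPLE.COM" },
    };
    size_t i;
    for (i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-16s vs %-16s  flawed=%d  rfc6125=%d\n",
               pairs[i][0], pairs[i][1],
               flawed_wildcard_match(pairs[i][0], pairs[i][1]),
               rfc6125_wildcard_match(pairs[i][0], pairs[i][1]));
    return 0;
}
```

The first row is the advisory's case: the suffix-only matcher accepts example.com against *.com, while the RFC 6125 matcher rejects the pattern because only one label follows the wildcard. The third row shows the other side of the rule: a wildcard covers a single label, so a.b.example.com does not match *.example.com.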

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2016-9952

Affected Products

Libcurl