Input validation error in cURL

#VU33070 Input validation error in cURL

Published: 2016-05-20 | Updated: 2020-08-03

Vulnerability identifier: #VU33070

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3739

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cURL: 7.1 - 7.48.0

External links
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/90726
http://www.securitytracker.com/id/1035907
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349
http://curl.haxx.se/changes.html#7_49_0
http://curl.haxx.se/CVE-2016-3739.patch
http://curl.haxx.se/docs/adv_20160518.html
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://security.gentoo.org/glsa/201701-47

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in curl (Alpine package)

Slackware Linux update for curl

Input validation error in curl.haxx.se cURL