CVE-2016-3739
Description
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.068
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2016-3739 are affected in Curl For Windows 7.48.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.22.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.24.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.25.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.26.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.27.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.29.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.30.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.31.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.32.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.33.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.34.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.35.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.36.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.38.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.40.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.41.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.42.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.42.1 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.43.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.44.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.45.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.46.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.47.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.48.0 | Windows |
| Vulnerabilities CVE-2016-3739 are fixed in Curl For Windows 7.49.0 | Windows |
| Improper Input Validation Vulnerability (CVE-2016-3739) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234