DSA-1869 curl -- insufficient input validationID: oval:org.mitre.oval:def:7282 | Date: (C)2009-12-15 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
Platform: |
Debian 5.0 |
Debian 4.0 |