Total vulnerabilities in the database
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| Software | From | Fixed in |
|---|---|---|
| haxx / curl | 7.21.3 | 7.21.3.x |
| haxx / curl | 7.24.0 | 7.24.0.x |
| haxx / curl | 7.18.0 | 7.18.0.x |
| haxx / curl | 7.21.5 | 7.21.5.x |
| haxx / curl | 7.21.1 | 7.21.1.x |
| haxx / curl | 7.32.0 | 7.32.0.x |
| haxx / curl | 7.19.1 | 7.19.1.x |
| haxx / curl | 7.19.6 | 7.19.6.x |
| haxx / curl | 7.29.0 | 7.29.0.x |
| haxx / curl | 7.22.0 | 7.22.0.x |
| haxx / curl | 7.20.0 | 7.20.0.x |
| haxx / curl | 7.20.1 | 7.20.1.x |
| haxx / curl | 7.26.0 | 7.26.0.x |
| haxx / curl | 7.19.7 | 7.19.7.x |
| haxx / curl | 7.19.3 | 7.19.3.x |
| haxx / curl | 7.23.1 | 7.23.1.x |
| haxx / curl | 7.25.0 | 7.25.0.x |
| haxx / curl | 7.19.0 | 7.19.0.x |
| haxx / curl | 7.21.6 | 7.21.6.x |
| haxx / curl | 7.30.0 | 7.30.0.x |
| haxx / curl | 7.27.0 | 7.27.0.x |
| haxx / curl | 7.19.4 | 7.19.4.x |
| haxx / curl | 7.21.2 | 7.21.2.x |
| haxx / curl | 7.31.0 | 7.31.0.x |
| haxx / curl | 7.21.0 | 7.21.0.x |
| haxx / curl | 7.28.0 | 7.28.0.x |
| haxx / curl | 7.23.0 | 7.23.0.x |
| haxx / curl | 7.28.1 | 7.28.1.x |
| haxx / curl | 7.18.1 | 7.18.1.x |
| haxx / curl | 7.18.2 | 7.18.2.x |
| haxx / curl | 7.21.4 | 7.21.4.x |
| haxx / curl | 7.19.2 | 7.19.2.x |
| haxx / curl | 7.21.7 | 7.21.7.x |
| haxx / curl | 7.19.5 | 7.19.5.x |
| haxx / libcurl | 7.19.0 | 7.19.0.x |
| haxx / libcurl | 7.19.6 | 7.19.6.x |
| haxx / libcurl | 7.21.2 | 7.21.2.x |
| haxx / libcurl | 7.19.4 | 7.19.4.x |
| haxx / libcurl | 7.30.0 | 7.30.0.x |
| haxx / libcurl | 7.25.0 | 7.25.0.x |
| haxx / libcurl | 7.21.3 | 7.21.3.x |
| haxx / libcurl | 7.18.0 | 7.18.0.x |
| haxx / libcurl | 7.23.0 | 7.23.0.x |
| haxx / libcurl | 7.19.1 | 7.19.1.x |
| haxx / libcurl | 7.26.0 | 7.26.0.x |
| haxx / libcurl | 7.31.0 | 7.31.0.x |
| haxx / libcurl | 7.22.0 | 7.22.0.x |
| haxx / libcurl | 7.20.0 | 7.20.0.x |
| haxx / libcurl | 7.21.0 | 7.21.0.x |
| haxx / libcurl | 7.28.0 | 7.28.0.x |
| haxx / libcurl | 7.18.2 | 7.18.2.x |
| haxx / libcurl | 7.21.5 | 7.21.5.x |
| haxx / libcurl | 7.19.3 | 7.19.3.x |
| haxx / libcurl | 7.24.0 | 7.24.0.x |
| haxx / libcurl | 7.27.0 | 7.27.0.x |
| haxx / libcurl | 7.19.7 | 7.19.7.x |
| haxx / libcurl | 7.23.1 | 7.23.1.x |
| haxx / libcurl | 7.21.6 | 7.21.6.x |
| haxx / libcurl | 7.19.5 | 7.19.5.x |
| haxx / libcurl | 7.21.7 | 7.21.7.x |
| haxx / libcurl | 7.21.1 | 7.21.1.x |
| haxx / libcurl | 7.20.1 | 7.20.1.x |
| haxx / libcurl | 7.32.0 | 7.32.0.x |
| haxx / libcurl | 7.29.0 | 7.29.0.x |
| haxx / libcurl | 7.18.1 | 7.18.1.x |
| haxx / libcurl | 7.28.1 | 7.28.1.x |
| haxx / libcurl | 7.21.4 | 7.21.4.x |
| haxx / libcurl | 7.19.2 | 7.19.2.x |