Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2014-8151

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

  • Published: Jan 15, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-8151
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
apple / mac_os_x - 10.10.4.x
haxx / libcurl 7.37.0 7.37.0.x
haxx / libcurl 7.33.0 7.33.0.x
haxx / libcurl 7.36.0 7.36.0.x
haxx / libcurl 7.34.0 7.34.0.x
haxx / libcurl 7.31.0 7.31.0.x
haxx / libcurl 7.35.0 7.35.0.x
haxx / libcurl 7.38.0 7.38.0.x
haxx / libcurl 7.32.0 7.32.0.x
haxx / libcurl 7.37.1 7.37.1.x
haxx / libcurl 7.39 7.39.x