Vulnerability Database

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

  • Published: May 20, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-3739
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| haxx / curl | 7.21.3 | 7.21.3.x |
| haxx / curl | 7.24.0 | 7.24.0.x |
| haxx / curl | 7.35.0 | 7.35.0.x |
| haxx / curl | 7.21.5 | 7.21.5.x |
| haxx / curl | 7.21.1 | 7.21.1.x |
| haxx / curl | 7.32.0 | 7.32.0.x |
| haxx / curl | 7.40.0 | 7.40.0.x |
| haxx / curl | 7.29.0 | 7.29.0.x |
| haxx / curl | 7.48.0 | 7.48.0.x |
| haxx / curl | 7.22.0 | 7.22.0.x |
| haxx / curl | 7.33.0 | 7.33.0.x |
| haxx / curl | 7.45.0 | 7.45.0.x |
| haxx / curl | 7.44.0 | 7.44.0.x |
| haxx / curl | 7.26.0 | 7.26.0.x |
| haxx / curl | 7.23.1 | 7.23.1.x |
| haxx / curl | 7.25.0 | 7.25.0.x |
| haxx / curl | 7.36.0 | 7.36.0.x |
| haxx / curl | 7.21.6 | 7.21.6.x |
| haxx / curl | 7.30.0 | 7.30.0.x |
| haxx / curl | 7.27.0 | 7.27.0.x |
| haxx / curl | 7.38.0 | 7.38.0.x |
| haxx / curl | 7.21.2 | 7.21.2.x |
| haxx / curl | 7.42.0 | 7.42.0.x |
| haxx / curl | 7.31.0 | 7.31.0.x |
| haxx / curl | 7.42.1 | 7.42.1.x |
| haxx / curl | 7.41.0 | 7.41.0.x |
| haxx / curl | 7.34.0 | 7.34.0.x |
| haxx / curl | 7.21.0 | 7.21.0.x |
| haxx / curl | 7.28.0 | 7.28.0.x |
| haxx / curl | 7.23.0 | 7.23.0.x |
| haxx / curl | 7.28.1 | 7.28.1.x |
| haxx / curl | 7.47.0 | 7.47.0.x |
| haxx / curl | 7.43.0 | 7.43.0.x |
| haxx / curl | 7.21.4 | 7.21.4.x |
| haxx / curl | 7.39.0 | 7.39.0.x |
| haxx / curl | 7.21.7 | 7.21.7.x |
| haxx / curl | 7.46.0 | 7.46.0.x |