CVE-2013-4545
EPSS 0.36%curl - unchecked ssl certificate host name
發布日:2013/11/23修改日:2026/4/28
描述
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
受影響套件(2)
- Debian/curlfrom 0, < 7.33.0-1
- Debian/curlfrom 0, < 7.21.0-2.1+squeeze5