Wind River Support Network

HomeDefectsLIN8-3757
Fixed

LIN8-3757 : Security Advisory - curl - CVE-2016-3739

Created: May 31, 2016    Updated: Dec 3, 2018
Resolved Date: Jul 20, 2016
Found In Version: 8.0
Fix Version: 8.0.0.8
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3739

Other Downloads


CVEs


Live chat
Online