Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-6422HistoryDec 23, 2013 - 10:55 p.m.
CVE-2013-6422
2013-12-2322:55:02
Debian Security Bug Tracker
security-tracker.debian.org
18
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.7%
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | < 7.34.0-1 | curl_7.34.0-1_all.deb |
| Debian | 11 | all | curl | < 7.34.0-1 | curl_7.34.0-1_all.deb |
| Debian | 999 | all | curl | < 7.34.0-1 | curl_7.34.0-1_all.deb |
| Debian | 13 | all | curl | < 7.34.0-1 | curl_7.34.0-1_all.deb |
Related
nessus
nessus
nvd
nvd
CVE-2013-6422
2013-12-23 22:55:02
freebsd
freebsd
cURL library -- cert name check ignore with GnuTLS
2013-12-17 00:00:00
cvelist
cvelist
CVE-2013-6422
2013-12-23 22:00:00
openvas
openvas
Debian Security Advisory DSA 2824-1 (curl - unchecked tls/ssl certificate host name)
2013-12-19 00:00:00
Ubuntu: Security Advisory (USN-2058-1)
2013-12-23 00:00:00
Debian: Security Advisory (DSA-2824-1)
2013-12-18 00:00:00
prion
prion
Design/Logic Flaw
2013-12-23 22:55:00
ubuntu
ubuntu
curl vulnerability
2013-12-18 00:00:00
debian
debian
[SECURITY] [DSA 2824-1] curl security update
2013-12-19 18:51:05
[SECURITY] [DSA 2824-1] curl security update
2013-12-19 18:51:05
securityvulns
securityvulns
[USN-2058-1] curl vulnerability
2013-12-23 00:00:00
cURL certificates spoofing
2013-12-23 00:00:00
cve
cve
CVE-2013-6422
2013-12-23 22:55:02
ubuntucve
ubuntucve
CVE-2013-6422
2013-12-17 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.7%
Related for DEBIANCVE:CVE-2013-6422