libcurl provides the CURLOPT_CERTINFO
option to allow applications torequest details to be returned about a serverโs certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 10.0 | |
debian_linux | eq | 11.0 | |
curl | lt | 7.83.1 |