libcurl.so improperly validate TLS cerificates. The vulnerability exists in allocate_conn
of url.c
where SSL_VERIFYSTATUS
is ignored and the server may incorrect display that the certificate is valid even though it is not.
CPE | Name | Operator | Version |
---|---|---|---|
libcurl.so | le | 4.4.0 | |
curl | le | 7.30.0.2 |