{ "schema_version": "1.4.0", "id": "GHSA-vx32-35rm-8jq5", "modified": "2022-05-14T02:00:03Z", "published": "2022-05-14T02:00:03Z", "aliases": [ "CVE-2016-7141" ], "details": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141" }, { "type": "WEB", "url": "https://github.com/curl/curl/commit/curl-7_50_2~32" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20160907.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201701-47" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2016-2575.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/92754" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1036739" } ], "database_specific": { "cwe_ids": [ "CWE-287" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-10-03T21:59:00Z" } }