CVE-2013-4545

CVSS 4.3 - MEDIUM

Description

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected Products

50 of 68

Vendor	Product	Version
haxx	curl	`7.18.0`
haxx	curl	`7.18.1`
haxx	curl	`7.18.2`
haxx	curl	`7.19.0`
haxx	curl	`7.19.1`
haxx	curl	`7.19.2`
haxx	curl	`7.19.3`
haxx	curl	`7.19.4`
haxx	curl	`7.19.5`
haxx	curl	`7.19.6`
haxx	curl	`7.19.7`
haxx	curl	`7.20.0`
haxx	curl	`7.20.1`
haxx	curl	`7.21.0`
haxx	curl	`7.21.1`
haxx	curl	`7.21.2`
haxx	curl	`7.21.3`
haxx	curl	`7.21.4`
haxx	curl	`7.21.5`
haxx	curl	`7.21.6`
haxx	curl	`7.21.7`
haxx	curl	`7.22.0`
haxx	curl	`7.23.0`
haxx	curl	`7.23.1`
haxx	curl	`7.24.0`
haxx	curl	`7.25.0`
haxx	curl	`7.26.0`
haxx	curl	`7.27.0`
haxx	curl	`7.28.0`
haxx	curl	`7.28.1`
haxx	curl	`7.29.0`
haxx	curl	`7.30.0`
haxx	curl	`7.31.0`
haxx	curl	`7.32.0`
haxx	libcurl	`7.18.0`
haxx	libcurl	`7.18.1`
haxx	libcurl	`7.18.2`
haxx	libcurl	`7.19.0`
haxx	libcurl	`7.19.1`
haxx	libcurl	`7.19.2`
haxx	libcurl	`7.19.3`
haxx	libcurl	`7.19.4`
haxx	libcurl	`7.19.5`
haxx	libcurl	`7.19.6`
haxx	libcurl	`7.19.7`
haxx	libcurl	`7.20.0`
haxx	libcurl	`7.20.1`
haxx	libcurl	`7.21.0`
haxx	libcurl	`7.21.1`
haxx	libcurl	`7.21.2`