CVE-2014-8151 — Incorrect Comparison in Libcurl

CWE-697 — Incorrect Comparison CWE-295 — Improper Certificate Validation9 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

0.4%

top 37.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Haxx Libcurl

Timeline

PublishedJan 15

Latest updateMay 17

Description

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDhaxx/libcurl10 versions+9

▶NVDapple/mac_os_x10.10.4

🔴Vulnerability Details

GHSA

GHSA-h2qh-xwfj-36gc: The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl↗2022-05-17

▶

CVEList

CVE-2014-8151: The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl↗2015-01-15

▶

📋Vendor Advisories

Red Hat

curl: certificate check bypass when built with DarwinSSL as TLS backend↗2015-01-08

▶

Debian

CVE-2014-8151: curl - The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.3...↗2014

▶

Apple

CVE-2014-8151: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2014-8151 curl: certificate check bypass when built with DarwinSSL as TLS backend↗2015-01-05

▶

Bugzilla

CVE-2014-3005 zabbix: local file inclusion via XXE attack↗2014-06-17

▶