CVE-2017-7468

Metadata

medium
unknown
curl
CVE-2017-7468
cve.mitre.org, curl.haxx.se, ubuntu.com, github.com
2017-04-19
2017-06-15 02:33
v3.5/main/curl-7.52.1-r3
v3.6/main/curl-7.54.0-r0
v3.4/main/curl-7.52.1-r2
CVE-2017-7468 curl
2017-04-25 14:03
2017-04-21 00:04
2017-04-20 10:13
2017-04-20 05:04

Description

curl and libcurl between 7.52.0 and 7.53.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.

Affected package information

| Release | Package | Patched in |
|---|---|---|
| upstream | curl | 7.52.1-5 |
| zesty | curl | 7.52.1-4ubuntu1.1 |

Unaffected

| Release | Package | Reason |
|---|---|---|
| precise | curl | not-affected |
| trusty | curl | not-affected |
| vivid/stable-phone-overlay | curl | not-affected |
| vivid/ubuntu-core | curl | not-affected |
| xenial | curl | not-affected |
| yakkety | curl | not-affected |
| devel | curl | not-affected |