What is the severity of CVE-2016-3739?

CVE-2016-3739 is classified as a high-severity vulnerability due to its potential to allow remote attackers to spoof servers.

How do I fix CVE-2016-3739?

To fix CVE-2016-3739, update cURL and libcurl to version 7.49.0 or later.

What versions of cURL are affected by CVE-2016-3739?

CVE-2016-3739 affects cURL and libcurl versions prior to 7.49.0, specifically versions 7.21.0 through 7.48.0.

What types of connections are impacted by CVE-2016-3739?

CVE-2016-3739 affects SSLv3 connections and TLS connections to resources identified by numerical IP addresses.

What are the consequences of CVE-2016-3739?

The consequences of CVE-2016-3739 include the potential for remote attackers to spoof servers, which could lead to data breaches or man-in-the-middle attacks.

Vulnerability/
CVE-2016-3739

medium

5.3

CWE

20/5/2016

6/8/2024

CVE-2016-3739: Input Validation

First published: Fri May 20 2016(Updated: )

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Curl	=7.21.0
Curl	=7.21.1
Curl	=7.21.2
Curl	=7.21.3
Curl	=7.21.4
Curl	=7.21.5
Curl	=7.21.6
Curl	=7.21.7
Curl	=7.22.0
Curl	=7.23.0
Curl	=7.23.1
Curl	=7.24.0
Curl	=7.25.0
Curl	=7.26.0
Curl	=7.27.0
Curl	=7.28.0
Curl	=7.28.1
Curl	=7.29.0
Curl	=7.30.0
Curl	=7.31.0
Curl	=7.32.0
Curl	=7.33.0
Curl	=7.34.0
Curl	=7.35.0
Curl	=7.36.0
Curl	=7.38.0
Curl	=7.39.0
Curl	=7.40.0
Curl	=7.41.0
Curl	=7.42.0
Curl	=7.42.1
Curl	=7.43.0
Curl	=7.44.0
Curl	=7.45.0
Curl	=7.46.0
Curl	=7.47.0
Curl	=7.48.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3739?
CVE-2016-3739 is classified as a high-severity vulnerability due to its potential to allow remote attackers to spoof servers.
How do I fix CVE-2016-3739?
To fix CVE-2016-3739, update cURL and libcurl to version 7.49.0 or later.
What versions of cURL are affected by CVE-2016-3739?
CVE-2016-3739 affects cURL and libcurl versions prior to 7.49.0, specifically versions 7.21.0 through 7.48.0.
What types of connections are impacted by CVE-2016-3739?
CVE-2016-3739 affects SSLv3 connections and TLS connections to resources identified by numerical IP addresses.
What are the consequences of CVE-2016-3739?
The consequences of CVE-2016-3739 include the potential for remote attackers to spoof servers, which could lead to data breaches or man-in-the-middle attacks.

agent/type
agent/softwarecombine
agent/references
agent/weakness
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/haxx
canonical/curl
version/curl/7.21.0
version/curl/7.21.1
version/curl/7.21.2
version/curl/7.21.3
version/curl/7.21.4
version/curl/7.21.5
version/curl/7.21.6
version/curl/7.21.7
version/curl/7.22.0
version/curl/7.23.0
version/curl/7.23.1
version/curl/7.24.0
version/curl/7.25.0
version/curl/7.26.0
version/curl/7.27.0
version/curl/7.28.0
version/curl/7.28.1
version/curl/7.29.0
version/curl/7.30.0
version/curl/7.31.0
version/curl/7.32.0
version/curl/7.33.0
version/curl/7.34.0
version/curl/7.35.0
version/curl/7.36.0
version/curl/7.38.0
version/curl/7.39.0
version/curl/7.40.0
version/curl/7.41.0
version/curl/7.42.0
version/curl/7.42.1
version/curl/7.43.0
version/curl/7.44.0
version/curl/7.45.0
version/curl/7.46.0
version/curl/7.47.0
version/curl/7.48.0