CVE-2016-3739
Gentoo Linux Security Advisory 201701-47
Public Exploits: 0
Exploited in Wild: -
Descriptions
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotely resulting in remote denial of service (DoS), cross-site request forgery (CSRF), remote execution of arbitrary commands, disclosure of sensitive information, cross-site scripting (XSS), bypass of access restrictions, or unauthorized modification. Revision 1 of this advisory.
Timeline
- 2016-03-30 CVE Reserved
- 2016-05-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
References (11)
URL | Date | SRC |
---|---|---|
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349 | 2024-05-01 | |
https://curl.haxx.se/CVE-2016-3739.patch | 2024-05-01 | |
https://curl.haxx.se/docs/adv_20160518.html | 2024-05-01 | |
https://security.gentoo.org/glsa/201701-47 | 2024-05-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Haxx | Curl | 7.21.0 | - | Affected |
Haxx | Curl | 7.21.1 | - | Affected |
Haxx | Curl | 7.21.2 | - | Affected |
Haxx | Curl | 7.21.3 | - | Affected |
Haxx | Curl | 7.21.4 | - | Affected |
Haxx | Curl | 7.21.5 | - | Affected |
Haxx | Curl | 7.21.6 | - | Affected |
Haxx | Curl | 7.21.7 | - | Affected |
Haxx | Curl | 7.22.0 | - | Affected |
Haxx | Curl | 7.23.0 | - | Affected |
Haxx | Curl | 7.23.1 | - | Affected |
Haxx | Curl | 7.24.0 | - | Affected |
Haxx | Curl | 7.25.0 | - | Affected |
Haxx | Curl | 7.26.0 | - | Affected |
Haxx | Curl | 7.27.0 | - | Affected |
Haxx | Curl | 7.28.0 | - | Affected |
Haxx | Curl | 7.28.1 | - | Affected |
Haxx | Curl | 7.29.0 | - | Affected |
Haxx | Curl | 7.30.0 | - | Affected |
Haxx | Curl | 7.31.0 | - | Affected |
Haxx | Curl | 7.32.0 | - | Affected |
Haxx | Curl | 7.33.0 | - | Affected |
Haxx | Curl | 7.34.0 | - | Affected |
Haxx | Curl | 7.35.0 | - | Affected |
Haxx | Curl | 7.36.0 | - | Affected |
Haxx | Curl | 7.38.0 | - | Affected |
Haxx | Curl | 7.39.0 | - | Affected |
Haxx | Curl | 7.40.0 | - | Affected |
Haxx | Curl | 7.41.0 | - | Affected |
Haxx | Curl | 7.42.0 | - | Affected |
Haxx | Curl | 7.42.1 | - | Affected |
Haxx | Curl | 7.43.0 | - | Affected |
Haxx | Curl | 7.44.0 | - | Affected |
Haxx | Curl | 7.45.0 | - | Affected |
Haxx | Curl | 7.46.0 | - | Affected |
Haxx | Curl | 7.47.0 | - | Affected |
Haxx | Curl | 7.48.0 | - | Affected |