Improper Handling of Domain Names in cURL and libcurl When Using OpenSSL
CVE-2009-2417
Currently unrated
What is CVE-2009-2417?
A flaw in the handling of domain names in the Common Name (CN) field of X.509 certificates in cURL and libcurl allows attackers to perform man-in-the-middle attacks. By exploiting improper handling of null ('\0') characters, attackers can spoof legitimate SSL servers using crafted certificates issued by trusted Certificate Authorities, compromising the security of transmitted data and enabling unauthorized access.
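The null-character handling described above, as an added example (not code from cURL, libcurl or OpenSSL, and it calls neither library). It assumes the CN is available as a byte buffer plus the length recorded in the certificate; the function names and sample values are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes. */
static int ascii_ieq(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower(b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the CN is treated as a C string, so the comparison stops
 * at the first '\0' and the bytes after it are never examined. */
int naive_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the recorded length is ignored: this is the defect */
    size_t n = strlen((const char *)cn);
    return n == strlen(host) && ascii_ieq(cn, (const unsigned char *)host, n);
}

/* Length-aware check: rejects any CN with an embedded '\0' and compares
 * against the full length recorded in the certificate. */
int strict_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    return cn_len == strlen(host) &&
           ascii_ieq(cn, (const unsigned char *)host, cn_len);
}

/* Constructed sample CN values; lengths exclude the literal's final NUL. */
static const unsigned char CN_PLAIN[] = "www.example.com";
static const unsigned char CN_EMBEDDED_NUL[] = "www.example.com\0.other.invalid";

int main(void)
{
    const char *host = "www.example.com";
    printf("plain CN:        naive=%d strict=%d\n",
           naive_cn_match(CN_PLAIN, sizeof CN_PLAIN - 1, host),
           strict_cn_match(CN_PLAIN, sizeof CN_PLAIN - 1, host));
    printf("embedded-NUL CN: naive=%d strict=%d\n",
           naive_cn_match(CN_EMBEDDED_NUL, sizeof CN_EMBEDDED_NUL - 1, host),
           strict_cn_match(CN_EMBEDDED_NUL, sizeof CN_EMBEDDED_NUL - 1, host));
    return 0;
}
```

The string-based check accepts the constructed CN with the embedded null as a match for `www.example.com`, while the length-aware check rejects it.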