Debian Security Advisory 1869 curl – insufficient input validation

29
Article Source Debian Security Advisories
August 18, 2009, 5:00 pm

It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field…

Read More