Article Source: Gentoo Linux Security Advisories
cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.
Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL (\0) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike.
A remote attacker might employ a specially crafted X.509 certificate (that for instance contains a NUL character in the Common Name field) to conduct man-in-the-middle attacks…
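The handling flaw described above, shown as an added example in C (not cURL's code and not part of the advisory): a name field compared as a C string next to a comparison that honours the field's declared length and rejects embedded NUL bytes. The `name_field` struct, the function names and the sample names are assumptions made for illustration; matching is exact only, with no wildcard or case handling.

```c
#include <stdio.h>
#include <string.h>

/* A certificate name field as a decoder hands it over: bytes plus an
 * explicit length. ASN.1 strings are length-delimited, not NUL-terminated.
 * (Hypothetical type for this example.) */
struct name_field {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: treats the field as a C string, so the comparison stops
 * at the first NUL and the bytes after it are never examined. The samples
 * below come from string literals, so a terminator is always present. */
int cn_matches_naive(const struct name_field *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Checked pattern: a field containing a NUL anywhere inside its declared
 * length is refused, and the whole field must equal the host name. */
int cn_matches_checked(const struct name_field *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == host_len && memcmp(cn->data, host, host_len) == 0;
}

/* Constructed sample fields using reserved example domains. */
static const unsigned char CN_PLAIN[]    = "www.example.com";
static const unsigned char CN_WITH_NUL[] = "www.example.com\0.other.example";
static const struct name_field PLAIN    = { CN_PLAIN, sizeof CN_PLAIN - 1 };
static const struct name_field WITH_NUL = { CN_WITH_NUL, sizeof CN_WITH_NUL - 1 };

int main(void)
{
    const char *host = "www.example.com";

    printf("plain field:    naive=%d checked=%d\n",
           cn_matches_naive(&PLAIN, host), cn_matches_checked(&PLAIN, host));
    printf("field with NUL: naive=%d checked=%d\n",
           cn_matches_naive(&WITH_NUL, host), cn_matches_checked(&WITH_NUL, host));
    return 0;
}
```

The two functions agree on the plain field and disagree on the field with an embedded NUL, which is the gap between the declared length and what string functions see.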